Cybersecurity in Industrial Control Systems: An integration of information technology and operational technology

Abstract

The Industrial Control Systems (ICS) consists of supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), safety instrumented systems (SIS), and other control system configurations such as programmable logic controllers (PLC). These systems are vulnerable to cyber-attacks. Security against cyber-attacks is becoming more crucial for the ICS industries. The cyber-attacks could be carried out simultaneously at many SCADA, DCS, and SIS systems. The researcher deployed NIST.SP.800-61r2, NIST.SP.800-82r2, IEC 62443 series, and Purdue Enterprise Reference Architecture (PERA) as a guide to implementing cybersecurity approaches to protect them from these threats. The ten industrial plants used cases such as chemical processing, power generation, oil and gas processing, and petroleum processing have been investigated subject to the four main types of vulnerability in cyber security; network; operating system; human; and process vulnerabilities. This research approach is intended to lead to innovative, game-changing capabilities for an incident response plan (IRP) according to cybersecurity Spectrum Security SL2 and SL4 models for the critical ICS.