In Cybersecurity, as in Health, an Ounce of Prevention is Worth a Pound of Cure

In cybersecurity today, a huge effort is put into detecting cyberattacks that occur on systems. Most often, these efforts detect the attack many months after it has begun or occurred. In other words, by then the damage has already been done, either by exfiltrating valuable information such as credit histories or medical information, or by corrupting the system in some way. These cybersecurity detection systems are often very expensive to acquire and to operate. They typically require a cybersecurity watchfloor manned around the clock to monitor the cybersecurity systems and respond to events. Once a breach is discovered, the vector of attack is closed through patching of the systems, disabling a port, or some other mechanism. Then the system is remediated to a good state by restoring data from a backup or another data restoration technique. Defending systems through this means is costly, labor intensive, and not fully effective, as successful cyberattacks continue to happen.

The cybersecurity situation is much worse for cyberphysical systems like control systems. Consider an industrial control system that operates an oil refinery. If a successful cyberattack compromises the control system, the result could be a catastrophic failure of some refinery components. The damage could be millions of dollars in losses, months of downtime, and injuries and even deaths to personnel. The standard IT/Data cybersecurity methods of detect-and-remediate are not well matched to the problem of protecting cyberphysical systems from cyberattack, as they are too late to prevent the damage that can occur. In this case, there is no software backup from which the refinery can be remediated back to a good state. Physical damage has been done that will take time and money to rebuild. The costs to the refinery due to a successful cyberattack are more immediate and can be far greater than to an IT/Data system.

Wouldn’t it be better to keep the cyberattack from succeeding in the first place? That is, we can’t keep the attackers from trying to compromise a system, but we can make every effort to keep them out. Shouldn’t the first priority in protecting cyberphysical systems be to find the best cybersecurity methods to harden systems and prevent cyberattacks from succeeding in the first place? Given the great losses that are incurred by a successful cyberattack on a cyberphysical system, the effort in cyberdefense needs to lean more in the direction of hardening and less in the direction of detection and remediation than is done for an IT/Data system, as the damage is too immediate and costly to do otherwise.

At Cognoscenti Systems we are providing effective defense of control systems against network cyberattack. We keep the bad guys out so your system can continue to function as designed, without interruption.

David Viel, Founder and CEO

David is the founder of Cognoscenti Systems.