This presentation reviews the top twenty cyberattack classes for industrial control systems, and describes how to use these attacks to evaluate industrial control system security programs. We apply the attacks and methodology to Industrial Internet of Things (IIoT) and ICS cloud connectivity security designs, concluding that these designs increase the attack surface of industrial installations. We then evaluate the mitigations recommended by the Industrial Internet Consortium Security Framework and other authorities, again by evaluating attack classes against example designs. We conclude that the recommended mitigations are sufficient to address the increased risk, and that when applied correctly, these mitigations can reduce overall cyber-physical risks to levels even below pre-IIoT/cloud installations.
For additional information, please take a look at the following Waterfall Whitepaper: