Transparently Insecure Operational Technology: A Contextual Analysis

Published: 06 Jan, 2022 (PDF, 4.20MB)
Created by: Mary Gutierrez-May

In cybersecurity, countering threats depends on the ability to see and respond to attacks. However, in operational technology, transparency is a double-edged sword. Some of the same connectivity developed to dynamically manage cyber-physical systems also exposes vulnerabilities to attackers.

This paper explores the impact of the increased connectivity of embedded devices with information technology environments and the consequent gaps in analytic models and risk management methodologies. Of special concern, the rapid turnaround from OT scanning to exploitation is growing in scope and scale. In a rapidly changing environment, cyber defenders need to adapt their threat hunting to evolving threats through innovative approaches. This research also evaluates how cyber defenders can assess threats particular to operational technology and develop situational awareness to better defend their networks. Cyber-physical security ultimately depends on a deep understanding of the technologies at play, the ability to analyze emerging threats, and holistic risk management. Technology-centered models will best enable asset owners, operators, and stakeholders to deter strategic surprise.