2021 ICS Cyber Security Conference

Current industrial cybersecurity solutions are heavily based on networked approaches to security, and focus on using IT-first principles to create a secure “shell” around OT networks and ICS components. However, these approaches do not fully utilize the unique characteristics of ICSs. ICS components have a significant amount of industrial process data associated with them, such as control commands & sensor values, which correlate to the current state of the physical facility and process that ICS component is supervising. Monitoring of this process data can provide deep insight and detection of physical anomalies which are impossible to detect from purely digital information, such as degrading equipment and incorrect physical configurations. Current approaches to monitoring process data often begin by uploading this data to the cloud for analysis and detection. However, requiring this kind of data transfer is prohibitively expensive for sites with a large number of process data points, or for remote sites without access to high-bandwidth communications channels. Additionally, the data transfer paradigm creates additional vulnerability concerns – especially for defense-in-depth approaches – which industrial entities may prefer to avoid altogether.

This talk will show how adopting a decentralized approach allows for robust detection of threats to industrial infrastructure without incurring significant data transfer requirements, and that this approach is scalable to thousands of devices. We also show that with increasingly miniaturized electronics, and the decreasing cost of compute, this approach enhances defense-in-depth focused industrial cybersecurity.