Abstract
The convergence of Information Technologies and Operational Technology systems in industrial networks presents many challenges related to availability, integrity, and confidentiality. In this paper, we evaluate the various cybersecurity risks in industrial control systems and how they may affect these areas of concern, with a particular focus on energy-sector Operational Technology systems. There are multiple threats and countermeasures that Operational Technology and Information Technology systems share. Since Information Technology cybersecurity is a relatively mature field, this paper emphasizes on threats with particular applicability to Operational Technology and their respective countermeasures. We identify regulations, standards, frameworks and typical system architectures associated with this domain. We review relevant challenges, threats, and countermeasures, as well as critical differences in priorities between Information and Operational Technology cybersecurity efforts and implications. These results are then examined against the recommended National Institute of Standards and Technology framework for gap analysis to provide a complete approach to energy sector cybersecurity. We provide analysis of countermeasure implementation to align with the continuous functions recommended for a sound cybersecurity framework.
