Learning to Walk: Towards Assessing the Maturity of OT Security Control Standards and Guidelines

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review

Published

Standard

Learning to Walk: Towards Assessing the Maturity of OT Security Control Standards and Guidelines. / Staves, Alex; Maesschalck, Sam; Derbyshire, Richard et al.
2023 IFIP Networking Conference (IFIP Networking). IEEE, 2023. p. 1-6.

Vancouver

Staves A, Maesschalck S, Derbyshire R, Green B, Hutchison D. Learning to Walk: Towards Assessing the Maturity of OT Security Control Standards and Guidelines. In 2023 IFIP Networking Conference (IFIP Networking). IEEE. 2023. p. 1-6. doi: 10.23919/IFIPNetworking57963.2023.10186424

Bibtex

@inproceedings{f93b06f65fd743a4935407c4b590aea1,
title = "Learning to Walk: Towards Assessing the Maturity of OT Security Control Standards and Guidelines",
abstract = "The convergence of IT and OT has presented OT environments with several challenges, such as increasing the attack surface of its real time systems to include more commonplace enterprise vulnerabilities. As OT is used across heavily regulated sectors, including water and nuclear, many standards and guidelines are available to these sectors, providing them with assistance towards continued improvements from a cyber security perspective. However, these standards and guidelines are not always as mature as their IT counterparts. This paper proposes a model to benchmark the maturity of OT focused standards and guidelines, which we then use to analyse seven commonly adopted resources. Based on this analysis, we find that these OT standards and guidelines do not always provide in-depth implementation guidance, and often refer instead to IT standards and guidelines for more information. Improvements are urgently needed in security and risk mitigation for interconnected OT and IT systems, as security controls in OT are typically re-appropriated IT controls. To help achieve this goal, OT standards must mature further.",
author = "Alex Staves and Sam Maesschalck and Richard Derbyshire and Benjamin Green and David Hutchison",
year = "2023",
month = jul,
day = "24",
doi = "10.23919/IFIPNetworking57963.2023.10186424",
language = "English",
pages = "1--6",
booktitle = "2023 IFIP Networking Conference (IFIP Networking)",
publisher = "IEEE",

}

RIS

TY - GEN
T1 - Learning to Walk
T2 - Towards Assessing the Maturity of OT Security Control Standards and Guidelines
AU - Staves, Alex
AU - Maesschalck, Sam
AU - Derbyshire, Richard
AU - Green, Benjamin
AU - Hutchison, David
PY - 2023/7/24
Y1 - 2023/7/24

N2 - The convergence of IT and OT has presented OT environments with several challenges, such as increasing the attack surface of its real time systems to include more commonplace enterprise vulnerabilities. As OT is used across heavily regulated sectors, including water and nuclear, many standards and guidelines are available to these sectors, providing them with assistance towards continued improvements from a cyber security perspective. However, these standards and guidelines are not always as mature as their IT counterparts. This paper proposes a model to benchmark the maturity of OT focused standards and guidelines, which we then use to analyse seven commonly adopted resources. Based on this analysis, we find that these OT standards and guidelines do not always provide in-depth implementation guidance, and often refer instead to IT standards and guidelines for more information. Improvements are urgently needed in security and risk mitigation for interconnected OT and IT systems, as security controls in OT are typically re-appropriated IT controls. To help achieve this goal, OT standards must mature further.

AB - The convergence of IT and OT has presented OT environments with several challenges, such as increasing the attack surface of its real time systems to include more commonplace enterprise vulnerabilities. As OT is used across heavily regulated sectors, including water and nuclear, many standards and guidelines are available to these sectors, providing them with assistance towards continued improvements from a cyber security perspective. However, these standards and guidelines are not always as mature as their IT counterparts. This paper proposes a model to benchmark the maturity of OT focused standards and guidelines, which we then use to analyse seven commonly adopted resources. Based on this analysis, we find that these OT standards and guidelines do not always provide in-depth implementation guidance, and often refer instead to IT standards and guidelines for more information. Improvements are urgently needed in security and risk mitigation for interconnected OT and IT systems, as security controls in OT are typically re-appropriated IT controls. To help achieve this goal, OT standards must mature further.

U2 - 10.23919/IFIPNetworking57963.2023.10186424
DO - 10.23919/IFIPNetworking57963.2023.10186424
M3 - Conference contribution/Paper
SP - 1
EP - 6
BT - 2023 IFIP Networking Conference (IFIP Networking)
PB - IEEE
ER -