ICS are connected to computer networks, which in turn are connected to the internet and are employed to control equipment and safeguard people, plant and environment. This arrangement creates the need for cybersecurity risk assessments with the objective of recording the possible business impacts of a successful cyber-attack against ICS, ensuring threat vectors are identified and understood and countermeasures are considered.

Unlike cybersecurity incidents on IT systems, which tend to result almost exclusively in economic consequences, OT cybersecurity incidents can create a number of potential consequences.  This directly depends on the objectives of the attacker—like process impacts to safety, the environment, and business risk. However, organization’s risk matrix should be modified to consider other impacts such as reputational damage or loss of intellectual property/ competitive advantage.

Keep Reading