Applicability of Security Standards for Operational Technology by SMEs and Large Enterprises

Establishing adequate cybersecurity for their operational technology (OT) is an existential challenge for manufacturing enterprises. Domain-specific security standards should provide essential support in meeting this challenge. However, they cannot be implemented equally by enterprises of all sizes. We investigate to what extent domain-specific security standards for operational technology can be applied by small and medium-sized as well as large manufacturing enterprises, and how their individual need for action can be identified and addressed. We support our investigation with the results of two independent surveys among manufacturers about their needs for cybersecurity support. In the course of this investigation, we learned that most domain-specific security standards apply well to large enterprises. In contrast, small and medium-sized enterprises (SMEs) seek the support of security experts, who, for their part, often struggle with a lack of experience in operational technology. To facilitate this cooperation, we provide an introduction for OT and cybersecurity experts to the basic concepts of their respective collaborators.
