100 aspects of security: More to come?

How security is evolving towards a cyberphysical world
Alexander Vinyavsky
Technology Evangelist

As the world of information technology (IT) merges with that of operational technology (OT), the concept of security is growing.

Industrial machine + website = cybersystem

  1. Let’s say there was a machine in a manufacturing plant.
    It needed to run reliably without endangering the safety of people. At the same time, the issue of fault tolerance was critical. After all, system performance is determined by the performance of the critical node. And if the operation of critical equipment is stopped, it will cause huge financial losses that could be comparable to the cost of downtime for the entire company. In addition, equipment failure can cause damage in the physical world.
  2. And there was a website on the internet.
    The data it contained had to be available to certain users at the right time and inaccessible to others, and an attacker must not be able to tamper with it. The issue of fault tolerance was not as critical. If the site goes down for a while, that’s bad, but not as bad as in the case of industrial equipment.
  3. Now the fleet of machines and this site come together to form new cyberphysical systems. Telemetry is collected from the machines and aggregated information about production status is displayed in real time on the plant’s management web application.

The machine was not built with information security in mind, and the website was not built with functional security and fault tolerance in mind. But the system as a whole must take all these aspects into account.

From three to 100 aspects of security

IT systems used to focus primarily on three aspects: integrity, confidentiality and availability. Now, functional security, resilience, reliability, and many, many other aspects of security need to be considered.

For example, the Industrial Internet Consortium, in its document on security for the IIoT, identifies five key aspects of a cybersystem in the context of security (trustworthiness): safety, privacy, security, reliability, resilience. In addition to these key aspects, it states that others may also be important.

Interestingly, there is even a separate term, “ility”, derived from the endings of words such as stability, reliability, usability, and others applied to modern cybersystems. We can count about one hundred and fifty such terms, and the vast majority of them relate to security in one way or another.

As the concept of security has expanded, the number of security issues has also expanded. There are more of them, both in the cybersystems themselves and in the organization of their development, maintenance and support.

Therefore, it is especially important to create Secure by Design systems by embedding security into the design. The Cyber Immune approach helps solve this problem.
