OT Cybersecurity

Cybersecurity is the protection of networks and computer systems, including hardware and software, against cyberattacks. Of particular interest to engineers is the computer control of physical systems that monitor and control transportation, pipelines, water treatment, waste treatment, chemical manufacture, factories, energy production, and other industrial processes. Two areas of cybersecurity focus are:

  • Information Technology (IT): computer systems including software, data, and networks
  • Operational Technology (OT): devices that control the physical world

OT Cybersecurity is concerned with keeping intruders out of the local control system network and detecting malicious intent from those who have access. Malicious intent may be subtle, such as signal manipulation to decrease production, damage equipment, or steal information. One of the first notable cyberattacks was the Stuxnet virus, which replayed normal data to the operator so that it could run undetected while damaging equipment over a period of months.

Machine Learning for Cybersecurity has many applications: assessing password strength and detecting phishing, abnormal network packet flow, intrusions, spam, malware, ransomware, distributed denial of service (DDoS), and other cyberattacks. Most of ML Cybersecurity is focused on classification to detect bad actors.

Activity

IoT/OT Cybersecurity with the TCLab: Classification to detect when the heater power supply is unplugged or the heater power level is set to zero.
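
The classification task in this activity, as an added example that is not code from the course or the TCLab project. It runs on a constructed first-order heater simulation instead of hardware (the constants `TA`, `K`, `TAU` and the noise level are assumptions, not TCLab calibration values) and learns a threshold on the apparent heater gain to flag windows where the commanded power no longer heats the sensor.

```python
import random

# Constructed model (assumed constants): TAU * dT/dt = -(T - TA) + K * Q_delivered
TA, K, TAU, W = 23.0, 0.6, 120.0, 20  # ambient degC, gain degC/%, time constant s, window s

def simulate(n, fault_at, seed):
    """Rows (Q_commanded, T_measured, label); label 1 = heater delivers no power."""
    rng = random.Random(seed)
    T, Q, rows = TA, 0.0, []
    for k in range(n):
        if k % 300 == 0:  # operator steps the heater command every 5 minutes
            Q = rng.choice([30.0, 50.0, 70.0, 90.0])
        fault = fault_at is not None and k >= fault_at
        T += (-(T - TA) + K * (0.0 if fault else Q)) / TAU  # 1 s Euler step
        rows.append((Q, T + rng.gauss(0.0, 0.05), int(fault)))
    return rows

def features(rows):
    """(end_index, apparent_gain, label) per window with constant command and label.

    The energy balance solved for gain gives about K when powered and about 0 when not."""
    out = []
    for i in range(0, len(rows) - W, W):
        win = rows[i:i + W + 1]
        if len({(q, y) for q, _, y in win}) != 1:
            continue  # window straddles a command step or the fault onset
        q, y = win[0][0], win[0][2]
        slope = (win[-1][1] - win[0][1]) / W
        t_mean = sum(t for _, t, _ in win) / len(win)
        out.append((i + W, (TAU * slope + t_mean - TA) / q, y))
    return out

def fit_threshold(samples):
    """Nearest-class-mean classifier on one feature: midpoint of the two class means."""
    means = []
    for label in (0, 1):
        gains = [g for _, g, y in samples if y == label]
        means.append(sum(gains) / len(gains))
    return sum(means) / 2.0

def evaluate(samples, threshold):
    """Return (accuracy, end index of the first window classified as a fault)."""
    preds = [(end, int(g < threshold), y) for end, g, y in samples]
    alarms = [end for end, p, _ in preds if p == 1]
    accuracy = sum(p == y for _, p, y in preds) / len(preds)
    return accuracy, (alarms[0] if alarms else None)

threshold = fit_threshold(features(simulate(3000, fault_at=1500, seed=1)))
accuracy, first_alarm = evaluate(features(simulate(3000, fault_at=2110, seed=2)), threshold)
print(f"threshold={threshold:.2f} accuracy={accuracy:.2f} first_alarm_at={first_alarm}s")
```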


✅ Knowledge Check

1. Which of the following best describes the primary focus of OT Cybersecurity?

A. Protecting the physical devices that control computer systems.
Incorrect. OT Cybersecurity is not primarily about protecting the devices that control computer systems but rather about protecting devices that control the physical world.
B. Detecting malicious intent from users who already have access to the network.
Correct. OT Cybersecurity is concerned with keeping intruders out of the local control system network and detecting malicious intent from those who have access.
C. Protecting data and software from unauthorized access.
Incorrect. While data and software protection are important, this is more related to IT Cybersecurity. OT focuses on devices controlling the physical world.
D. Monitoring and controlling transportation, pipelines, and other physical systems.
Incorrect. Although these are applications where OT is used, OT Cybersecurity's primary focus is on protecting these systems from cyber threats.

2. What is the main application of Machine Learning in Cybersecurity?

A. Developing new malware to penetrate networks.
Incorrect. Machine Learning for Cybersecurity is aimed at detecting and preventing cyber threats, not creating them.
B. Automating routine tasks for IT professionals.
Incorrect. While automation might be a side benefit, the primary use of ML in Cybersecurity is for threat detection and classification.
C. Classification to detect bad actors and cyber threats.
Correct. Most of ML Cybersecurity is focused on classification to detect bad actors.
D. Data storage and management for cybersecurity databases.
Incorrect. Data storage and management are essential components, but they aren't the main application of Machine Learning in Cybersecurity.