While no one would argue that network security isn’t important, it’s also important that the basic process sensor data that cross the OT network not be overlooked. Process sensors are necessary input for reliability, availability, safety, predictive maintenance, product quality, and cyber security. Yet process sensors have no cyber security and are connected to the Internet during maintenance potentially introducing malware or sensor manipulation. Important information about the health of the physical processes and the process sensors are found in the milli-second to second “squiggles” in the sensor readings. Unfortunately, the “squiggle” data is effectively filtered out by the HMIs.
Because the higher frequency information is not directly relevant to cyber security, network cyber security personnel are not aware that important engineering data is not available. Ignoring process sensors because they appear to be inconsequential to the process does not make them less important to monitor for cyber security considerations if they are on the IP networks.
Attackers are aware of process sensor cyber limitations as demonstrated by Stuxnet, yet the defenders refuse to address it – a bad situation to be sure. Because of the Internet connectivity for calibrations and other maintenance activities, all process sensors in critical processes should be monitored even if they are only on local networks. Additionally, all sensors that are on the Windows IP network need to be monitored even if they are not considered critical because of their Internet connectivity. Domain engineering expertise is needed to understand the implications of process sensor monitoring.