Modern Industrial Control Systems (ICS) rely on enterprise-to-plant-floor connectivity. As the size, diversity, and therefore complexity of ICS increase, so do the operational requirements, goals, and challenges defined by users across the various sub-systems. Recent trends in Information Technology (IT) and Operational Technology (OT) convergence may cause operators to lose a comprehensive understanding of end-to-end data flow requirements. This presents a risk to system security and resilience. Sensors were once applied solely for operational process use, but now act as inputs supporting a diverse set of organizational requirements. If these are not fully understood, incomplete risk assessment and inappropriate implementation of security controls could occur. In search of a solution, operators may turn to standards and guidelines.


In many cases the controller and operator can observe the physical process only through sensor readings, and must have faith that the process data describes the true underlying situation. Sensor signals are processed in a variety of ways, passing through functions such as amplification, scaling, conversion, filtering, aggregation and normalization, to name a few. Furthermore, data sources are combined through computation formulas prior to additional controller and application consumption. In essence, data processing is conducted to provide usable and actionable information, based on the requirements defined by the data-consuming circuits, devices and applications at each stage in a data chain. Any error in data processing along a pathway harbors the potential to degrade, and even lose, visibility of the process state. Understanding data sources and pathways is essential to comprehending the undesirable impact on process operations caused by errors or intentional manipulation of data streams.

Most attacks directed at operational processes (excluding espionage) will seek to tamper with process data and information flows. This is often assumed to involve a process by which the attacker infiltrates a communications link and then, using replay, packet injection, or direct manipulation of payloads, achieves an undesirable change. The application of network monitoring and intrusion detection techniques is seen as an effective mitigation strategy. However, the level of visibility they offer misses malicious manipulations occurring within any given device, as well as infrequent legitimate system-to-user interactions. In ICS, data originates in the physical space; therefore data reliability and integrity start from the first point at which a measurement is processed. Occurring at Level 0 of the Purdue model, an analogue signal must first be calibrated and scaled, transforming it into a useful unit of measurement. This represents the first step at which malicious actors may manipulate the data. Once converted into a digital value, the data is presented to a controller (PLC, RTU, etc.) serving as an input to a control algorithm. Process control decisions can be made automatically based on predefined logic, or manually through user interaction with the controller via a human machine interface (HMI).
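The two preceding paragraphs describe a sensor data chain (calibration and scaling at Level 0, then filtering and normalization before the controller consumes the value) and note that an error or manipulation at any single stage corrupts what the controller and operator see, without anything on the network link looking wrong. The following model illustrates that point; it is an added example, not code from the paper or from any ICS product. The 12-bit ADC, the 4-20 mA current loop, the 0-10 bar transmitter span and the sample values are constructed assumptions. It runs a small pipeline of stages, shows how a wrong scaling parameter at one stage produces a plausible-looking but false controller input, and implements an independent end-to-end consistency check that re-derives the expected value from the raw counts with a reference calibration, which is the kind of device-internal check that network monitoring cannot replace.

```python
"""Model of a Level 0 sensor data pathway and an end-to-end consistency check.

Added illustration, not code from the paper. The ADC resolution, the
4-20 mA loop, the 0-10 bar transmitter span and the thresholds below are
constructed assumptions chosen to keep the arithmetic easy to follow.
"""
from statistics import mean
from typing import List, Tuple

ADC_BITS = 12
ADC_FULL_SCALE_MA = 20.0            # constructed: 4095 counts == 20 mA
LOOP_MIN_MA, LOOP_MAX_MA = 4.0, 20.0   # live-zero current loop
EU_MIN, EU_MAX = 0.0, 10.0          # constructed: transmitter spans 0..10 bar


def counts_to_ma(counts: int) -> float:
    """Stage 1 (conversion): raw ADC counts to loop current in mA."""
    if not 0 <= counts < 2 ** ADC_BITS:
        raise ValueError("counts outside the ADC range")
    return counts * ADC_FULL_SCALE_MA / (2 ** ADC_BITS - 1)


def ma_to_eu(ma: float, eu_min: float = EU_MIN, eu_max: float = EU_MAX) -> float:
    """Stage 2 (calibration/scaling): 4-20 mA to engineering units.

    `eu_min`/`eu_max` are the calibration parameters; a misconfiguration or a
    manipulation of the device's scaling table changes exactly these values.
    """
    span = LOOP_MAX_MA - LOOP_MIN_MA
    return eu_min + (ma - LOOP_MIN_MA) / span * (eu_max - eu_min)


def moving_average(values: List[float], window: int = 3) -> List[float]:
    """Stage 3 (filtering): each output is the mean of the last `window` inputs."""
    return [mean(values[max(0, i - window + 1): i + 1]) for i in range(len(values))]


def normalize(eu: float, eu_min: float = EU_MIN, eu_max: float = EU_MAX) -> float:
    """Stage 4 (normalization): engineering units to a 0..1 controller input."""
    return (eu - eu_min) / (eu_max - eu_min)


def pipeline(samples: List[int], eu_max: float = EU_MAX) -> List[float]:
    """Run the whole chain. Only the scaling stage receives `eu_max`; the
    normalization stage keeps the reference span, as a downstream consumer
    configured independently would. Returns the values the controller sees."""
    eus = [ma_to_eu(counts_to_ma(c), EU_MIN, eu_max) for c in samples]
    return [normalize(v) for v in moving_average(eus)]


def verify(counts: int, controller_value: float, tolerance: float = 0.01) -> Tuple[bool, str]:
    """Independent end-to-end check (constructed, not a standard's procedure):
    re-derive the expected controller input from the raw counts using the
    reference calibration and compare it with what the chain delivered.
    Also flags a loop current below 4 mA, which a live-zero loop never
    produces for a valid measurement and which indicates a broken loop or a
    failed transmitter."""
    ma = counts_to_ma(counts)
    if ma < LOOP_MIN_MA:
        return False, f"loop current {ma:.2f} mA is below 4 mA: broken loop or failed transmitter"
    expected = normalize(ma_to_eu(ma))
    if abs(expected - controller_value) > tolerance:
        return False, f"controller sees {controller_value:.3f} but raw counts imply {expected:.3f}"
    return True, "consistent"


if __name__ == "__main__":
    mid_scale = [2457, 2457, 2457]          # constructed: 2457 counts == 12 mA == 5 bar
    good = pipeline(mid_scale)              # [0.5, 0.5, 0.5]
    bad = pipeline(mid_scale, eu_max=20.0)  # scaling span doubled: [1.0, 1.0, 1.0]
    print("reference chain :", good, verify(mid_scale[-1], good[-1]))
    print("wrong span stage:", bad, verify(mid_scale[-1], bad[-1]))
    print("loop fault      :", verify(400, 0.0))
```

Every stage in the wrong-span run is individually well-formed (valid counts, a current inside 4-20 mA, a number inside the 0..1 band), so a monitor that only checks field syntax or packet flow sees nothing unusual; only comparing the delivered value against a value re-derived from the raw measurement with a separately held calibration exposes the discrepancy, and the same re-derivation is what turns a sub-4 mA reading from "a very low pressure" into a detected sensor fault.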

