Operational priorities

The following diagram illustrates a side-by-side comparison of priorities in IT and OT environments in the context of securing operations:

In the case of securing ICS and SCADA networks, the protection of the plant, people, and processes takes precedence. Industrial controls involve engineered processes (for example, the opening/closing of valves, turning energy levels higher/lower, and so on). These controls and commands must function in a deterministic fashion. Thus, although industrial controls are not technically integral to a security framework, security measures must align with industrial control requirements.

In IT networks, it may suffice to inspect network layer traffic, but to secure OT environments, industrial firewalls are expected to perform deep-packet inspection to monitor and analyze actual commands in the application layer.

The availability of OT systems and infrastructure is shown next in terms of priority. With the introduction of data-centric models and the Internet of Things, data integrity is arguably more important than availability in certain use cases.

In IT environments, data confidentiality, integrity, and system availability are the main priorities (not necessarily in any particular order, as in some use cases, system availability takes precedence over confidentiality).