Cyber, Physical, and Operational Security in Civil Engineering Practice
This session will earn 1.0 PDH
Abstract: Across all aspects of civil engineering, we find ourselves increasingly operating in distributed information exchange environments. Legacy, static, physical environments have transformed into sensor-controller-machine intensive environments that communicate continuously, both internally and externally, to optimize performance and efficiency. Civil engineers now find themselves at the intersection of complex cyber-, physical-, and operations security design decisions. These decisions are complex because unlike the homogeneous information technology (IT) environment, operational technology (OT) is characterized by a diverse collection of technologies, protocols, and standards. Decision making in this heterogeneous environment requires an approach that goes beyond IT practices, incorporating the unique needs of OT while considering the mandate of operational continuity. Because civil engineers are in leadership roles on projects where trade-offs between security and operational availability are resolved across a range of risk, consequence, and cost scenarios, understanding the cyber physical-, operations intersection becomes critical. The question for thousands of projects every day is becoming: "are information technology security mandates and operational technology availability mandates blended to find the right balance?". This presentation introduces a simple framework that begins to define principles of practice to inform that decision. This multi-dimensional framework evaluates protection decisions for combined IT/OT topologies through four key lenses: Functional Segmentation, Cyber Hygiene, Network Oversight, and Human Reliability. A series of scenarios will be used to illustrate how viewing and resolving the risk-consequence-cost balance through these four lenses reduces vulnerability, while at the same time, increases the operational efficiency of cyber-physical systems.
- Describe the growing impact of digitization across the various civil engineering disciplines – Coastal, Transportation, Construction, Structural, Earthquake, Environmental, Geotechnical, and Water Resources.
- Summarize the difference between information technology and operational technology security concerns and identify real world impacts as revealed via the scenarios.
- Learn how to create a needs analysis using a simple framework for resolving risk, consequence, and cost into designs of secure cyber-physical systems.