TY - CHAP
T1 - Cyber-Resilience, Principles, and Practices
AU - Meagher, Hilary
AU - Dhirani, Lubna Luxmi
N1 - Publisher Copyright:
© 2024, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2024
Y1 - 2024
N2 - The growing cyber-attack and threat landscape has raised security and privacy concerns in industrial and critical infrastructure environments. Data is the most valuable asset to malicious actors, whose ultimate goal is to gain access to, steal, or exploit any form of data, encrypted or unencrypted. To protect a data-driven, autonomous, agile, and intelligent smart manufacturing environment, it is essential to have a systematic process for developing a cybersecurity strategy and an incident response plan for mitigating the attacks it may be susceptible to. Developing a robust cyber-strategy requires understanding the sophisticated technologies used within the environment, assessing the risks it may be exposed to, implementing standards and controls to mitigate those risks, having threat intelligence and incident response in place, and continuously monitoring the ever-changing attack surface. Existing standards and governance, risk, and controls (GRC) may not completely mitigate compliance-based risks where they are not aligned with the operational environment. As one standard does not fit all, each industry needs a distinct cybersecurity strategy based on the level of security required (i.e., baseline/moderate/maximum), the implementation of security standards, and GRC mapped to the industry's operational environment. Resilience enables an industry to be proactive and to mitigate operational disruption and cyber-risk/shock scenarios. With the help of a manufacturing use-case example, this chapter provides insight into various potential threat scenarios (e.g., espionage, loss of command and control, compromised data or devices) and the high-risk concerns that need to be considered when building cyber-resilience within an industry. Best practices, standards, risks, policies, and alignment with the cyber-resilience act and related law are also summarized.
KW - Cyber-resilience
KW - Cybersecurity strategy
KW - Laws and regulations
KW - IT
KW - Operational Technology
KW - Standards
KW - GDPR
KW - Privacy
KW - Compliance
KW - Auditing
UR - http://www.scopus.com/inward/record.url?scp=85179366208&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-45162-1_4
DO - 10.1007/978-3-031-45162-1_4
M3 - Chapter
AN - SCOPUS:85179366208
T3 - Internet of Things
SP - 57
EP - 74
BT - Internet of Things
PB - Springer Science and Business Media Deutschland GmbH
ER -