| Popis: |
As IT/OT convergence continues to evolve, the traditionally isolated ICS/OT systems are increasingly exposed to a myriad of online and offline threats. Although IIoT enhances the reachability in ICS, improved data analytics, ensuring ease of access and decision making, it unwittingly opens the ICS environment to attackers. The design of IIoT introduces multiple entry points to an isolated system, which is used to protect itself via air-gapping and risk avoidance strategies. This study explores a comprehensive mapping of threats and risks for IT/OT convergence. Additionally, we propose IIoT-ARAS - an automated risk assessment system based on OCTAVE Allegro and ISO/IEC 27030 methodologies. The design of IIoT-ARAS is aimed to be agentless, with minimum interruptions to the OT environment. Furthermore, the system performs automated regular asset inventory checks, threshold optimization, probability computation, risk evaluations, and contingency plan configuration. |
