Professional Documents
Culture Documents
Iot Asg 3 Seminar PPT - Sanjana K (1kt20cs068)
Iot Asg 3 Seminar PPT - Sanjana K (1kt20cs068)
Assignment 3
They are important to understand because they have a direct impact on the
security practice applied to them.
Security Importance: The passage emphasizes that security threats need a consistent and strong
response regardless of their origin (IT or OT).
IT vs. OT Data: IT data is used for business decisions (e.g., process optimization), while OT data
directly controls physical processes (e.g., valve closure, pressure control).
DEPT OF CSE 1
SRI KRISHNA INSTITUTE OF TECHNOLOGY
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
OT Security Concerns: OT security goes beyond traditional IT security as it must also consider
physical safety and environmental factors.
Convergence of IT and OT: Traditionally separate, IT and OT teams are merging, leading to IT-
based solutions like firewalls and IPS being used in OT networks .
DEPT OF CSE 2
SRI KRISHNA INSTITUTE OF TECHNOLOGY
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
DEPT OF CSE 3
SRI KRISHNA INSTITUTE OF TECHNOLOGY
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
Level 5: Enterprise Network: This level deals with high-level business applications like ERP
(Enterprise Resource Planning), CRM (Customer Relationship Management), document
management, and external access points (internet, VPN).
Level 4: Business Planning & Logistics Network: This level handles IT services for business
operations, including scheduling systems, material flow applications, optimization tools, and local
IT services (phone, email, printing, security monitoring).
DMZ: This acts as a buffer zone for controlled data and service exchange between the operational
and enterprise zones. It allows segmentation and restricts traffic flow, ensuring nothing goes
through it directly.
DEPT OF CSE 4
SRI KRISHNA INSTITUTE OF TECHNOLOGY
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
Level 3: Operations & Control: This level manages production workflows, monitors the entire
system, and optimizes control for desired outcomes. It might include production scheduling,
reliability assurance, system-wide control optimization, security & network management, and
essential IT services (DHCP, DNS, timing).
Level 2: Supervisory Control: This level focuses on zone control rooms, controller status,
control system network/application administration, and control-related applications like Human-
Machine Interface (HMI) and historical data management.
Level 1: Basic Control: This level involves controllers, Intelligent Electronic Devices (IEDs),
dedicated HMIs, and other applications working together to manage specific control functions.
Level 0: Process: This level deals with physical devices like sensors, actuators, machines (drives,
motors, robots), which communicate with controllers or IEDs for direct process control.
DEPT OF CSE 5
SRI KRISHNA INSTITUTE OF TECHNOLOGY
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
Safety Critical: This level (if implemented) includes devices, sensors, and equipment dedicated to
managing safety functions within the control system.
DEPT OF CSE 6
SRI KRISHNA INSTITUTE OF TECHNOLOGY
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
IT:
Confidentiality: Protecting sensitive data (e.g., customer information, financial
records) is paramount due to legal, regulatory, and commercial obligations.
DEPT OF CSE 7
SRI KRISHNA INSTITUTE OF TECHNOLOGY
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
OT:
Availability: Maintaining system uptime and ensuring real-time control of physical
processes is the highest priority. Production halts due to security incidents can be very costly.
Integrity: Maintaining data accuracy in control systems for safe and efficient operation is
crucial.
Confidentiality: Protecting confidential data (e.g., proprietary formulations) is important but
might be secondary to availability and integrity.
DEPT OF CSE 8
SRI KRISHNA INSTITUTE OF TECHNOLOGY
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
Security Focus:
IT Security Focus: Driven by past experiences with data breaches and intrusions. Organizations
invest heavily in security tools and personnel to mitigate external threats and minimize internal
malicious activity.
OT Security Focus: Operational Technology (OT) environments, most security issues have been
caused by mistakes made by people rather than intentional attacks from outside sources (hackers).
DEPT OF CSE 9
SRI KRISHNA INSTITUTE OF TECHNOLOGY
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
THANK YOU!!!
DEPT OF CSE 10