IoT & Supply chain attacks

Question 1

security vs safety

Answer 1

safety: protection against random incidents
security: protection against intended incidents planned by an attacker

Question 2

Consequences of Complex adaptive systems CAS

Answer 2

• new & innovative attacks
• predictability of attacks decreases
• remote effects: increased attacks on subsystems and suppliers

Question 3

Terminology OT/IT/IOT/IIOT/ISC

Answer 3

• IT Information Technology: entire spectrum of technology for information processing
• OT Operational Technology: Hardware and software that controls physical devices
• ISC Industrial Control Systems: monitoring and controlling physical industrial processes
• IoT Internet of Things: global network of smart physical objects
• IIoT Internet of Industrial Things: Subset of IoT specific industry

Question 4

IT vs OT requirements

Answer 4

IT: confidentiality & Integrity are crucial, availability is only important, rapid response to threats, easily updated
OT: availability and integrity is crucial, confidentiality not, slow response to threats, legacy or unsupported infrastructure

Question 5

Novel Attacks & Risks, Ex

Answer 5

Strava heatmap reveals sensitive info about military bases and details about service members

Question 6

Cyber Safety norms

Answer 6

1. define criteria to identify critical goods
2. develop min. integrity and security requ.
3. provide standard contractual security agreement for suppliers of crit. goods. eg. accounts must be declared, bug bounty programm
4. testing