Lecture #6 - IT/OT-Security Aspects for CPPS

Question 1

What is the difference between IT and OT security

Answer 1

Information Technology Security:

• IT security primary deals with safeguarding the information, data and computing resources used in traditional business operations.

Operational Technology Security:

• OT security is focused on safeguarding the critical infastructure and operational systems used in industrial settings, such as manufacturing, energy production, transportation and utilities.

Question 2

What is Pipedream 2022

Answer 2

1. A toolkit that provides a wide range of functionality for malicious actors.
2. 7th known ICS-specific malware
3. Potentially vulnerable systems and devices:

• Windows
• OPC-UA

Question 3

What are the biggest causes of OT vulnerability?

Answer 3

1. Compromised Credentials; Bad password
2. Firmware manipulation

Question 4

What is the IEC 62445

Answer 4

The only existing cyber security in IT and OT cyber security production systems

Question 5

What happens when the cycle is manipulated between layers

Answer 5

The real model needs to be in parallel and be in sync with the virtual model.

If the simulation’s cycle times between layers can be manipulated, then DT won’t know whether to trust the real or virtual system.

Question 6

Name and describe the three major security aspects for AAS

Answer 6

1. Identification; name, social security number

• We need a name or a number that identifies us.
• Identify a SW application or person e.g. username, email address.

2. Authenticate; password

• Authenticate that it is you! Password for example.

3. Authorisation; access or roles

• Getting thrown out in your ILIAS course.
• What you’re allowed to do, or say.
• When it comes to roles, you have permissions; change, delete, overwrite, store, view-only

-

Question 7

Describe the concept of Symmetric key cryptogrophy

Answer 7

1. Symmetric key cryptography, uses the same key to encrypt and decrypt data.
2. User A and B have negotiated the same key. Encryption and decryption process is as follows:
3. User A uses the symmetric key to encrypt data and send the encrypted data to user B.
4. User B decrypts the data using the symmetric key and gets the original data.

Question 8

Explain private key infastructure

Answer 8

1. Private key uses different keys (public and private) for data encryption and decryption.
2. Public key; open to public
3. Private; possessed by only the owner.

1. Two keys created at the same time
2. User A sends a message and uses a public key for encrypting. Not his own, but user B (receiver).
3. Receiver creates a private and public key.
4. The private key then decrypts it, which is turned back into plain text.

Question 9

Explain what hashing is

Answer 9

Hashing is the process of transforming any given key or a string of character into another value.

Question 10

Explain what a digital signature is

Question 11

Explain what the EU cyber resilience act is

Answer 11

1. Going to be implemented in 2024
2. Every product with digital elements will be designed in such a way that they ensure an appropriate level of cybersecurity based on the risks

Question 12

Name one form of hashing

Answer 12

One form of hashing can be seen as shows:

17 -> 8

So, hashing is basically translating one language into another.

Question 13

Explain the role of the public key

Answer 13

The public key in the encrypts in the private key infastructure

Question 14

Explain the role of the private key

Answer 14

1. Stored in your own world.
2. Only able to decrypt message that was encrypted by public key.