Security objectives for OT environments such as energy delivery systems are prioritized in the following order: integrity (including safety), availability, and confidentiality. Proper selection and implementation of cryptography technology will assist control system security professionals to achieve these objectives. Improper selection and application by borrowing IT cryptography solutions for energy delivery systems introduces significant challenges as they add complexity and limitations to the system. In any system, whether IT or OT, improper security control application can provide a false sense of security and introduce more risk than benefit. We will discuss the challenges and differences of cryptography between IT and OT systems. Our collaboration will refine a complete list of cryptography requirements better suited for the OT environments such as an energy delivery system.
Dennis Gammel is a graduate of the University of Idaho with a B.S. in Applied Mathematics and has been actively working in the computing and communications industries since 1996. His career experience includes network security design, ICS network architecture, embedded product development, ASIC simulation, and firmware design with RTOS application development. Dennis is presently a research and development director at Schweitzer Engineering Laboratories, Inc. (SEL), responsible for the security technology designed for and implemented in SEL product lines. He has been with SEL since March 2005 and carries with him 20 years of secure firmware and network engineering experience.