Abstract
Industrial Control Systems (ICS) are no longer isolated systems; they now have internet connectivity. The rise of IIoT/Industry 4.0 has opened a gateway for adversaries to attack the OT environment. The last decade has shown tremendous growth in cyber-attacks on OT/ICS environments, ranging from the Stuxnet malware to Industroyer, Shamoon, and the Triton compromise of SIS devices, to name a few. As cyber-related issues rise, an enterprise needs to build threat detection and monitoring capabilities to detect and respond to sophisticated cyber threats. This work presents a novel approach to robust monitoring of OT/ICS environments based on blockchain technology.
AI Generated Summary
The talk presents a blockchain-based operational technology (OT) monitoring solution, termed BB OTMS, designed to address deployment challenges inherent in conventional OT security monitoring systems. Traditional OT monitoring solutions, often integrated with enterprise IT networks (e.g., SIEM), require constructing parallel networks, increase IT/OT connectivity, introduce third-party risk, and create operational gaps between IT and OT teams responsible for incident response.
The proposed architecture eliminates direct connectivity between IT (Purdue levels 4-5) and OT (levels 0-3) environments. Instead, it establishes a separate, decentralized blockchain network—implemented using Hyperledger Fabric—to which both IT and OT stakeholders are granted secure, auditable access. This design leverages core blockchain properties: decentralization removes single points of failure, immutability ensures tamper-proof forensic logs and asset data, and transparency enables secure, authenticated interactions without a central authority. The system functions as an intermediate network for monitoring, bifurcating the traditional IT-OT data flow.
Key benefits include secure third-party vendor access, a robust and immutable cyber threat intelligence database, enhanced network forensics, and reduced attack surface by minimizing direct IT/OT integration. The approach is also applicable to SCADA-specific monitoring. Challenges remain regarding blockchain’s inherent limitations in scalability, processing overhead, and security configuration. While hashgraph is noted as a potentially faster alternative, its patented nature and integration difficulties make it less suitable for this context. The solution assumes a securely configured genesis block and proper privilege management within the blockchain network.
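To make the two ledger properties the summary leans on concrete, here is an added illustration (not code from the talk, and not Hyperledger Fabric code): a toy hash-chained ledger in which only the OT monitoring side may append events and the IT SOC holds a replicated read-only copy. The organisation names, the event schema and the write rule are assumptions made for the example. It shows why an edited forensic record fails local verification, and why an attacker who recomputes the hashes on one peer is still exposed by a tip-hash comparison against another peer's copy, which is the decentralization argument in the design. In Fabric itself these guarantees come from the ordering service, channel endorsement policies and per-organisation MSP identities rather than from the simple rule below.

```python
"""Toy hash-chained, access-controlled ledger illustrating two properties the
BB OTMS design relies on: tamper-evidence (immutability) and the value of every
peer holding its own copy (decentralization). Constructed example; it is not
Hyperledger Fabric code."""
import copy
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Hypothetical organisation names for the two sides of the bifurcated network.
OT_ORG = "OTMonitoringOrg"   # Purdue levels 0-3 side: submits monitoring events
IT_ORG = "ITSecOpsOrg"       # Purdue levels 4-5 side: reads and verifies only
WRITE_ALLOWED = {OT_ORG}


@dataclass
class Block:
    index: int
    prev_hash: str
    writer: str
    event: dict
    digest: str = ""

    def compute_digest(self) -> str:
        # Canonical JSON so identical content always hashes identically.
        body = json.dumps(
            {"index": self.index, "prev_hash": self.prev_hash,
             "writer": self.writer, "event": self.event},
            sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(body.encode()).hexdigest()


class Ledger:
    def __init__(self) -> None:
        genesis = Block(0, "0" * 64, "genesis", {"type": "genesis"})
        genesis.digest = genesis.compute_digest()
        self.chain: List[Block] = [genesis]

    def append(self, writer: str, event: dict) -> Block:
        if writer not in WRITE_ALLOWED:
            raise PermissionError(f"{writer} may not write monitoring events")
        prev = self.chain[-1]
        block = Block(prev.index + 1, prev.digest, writer, event)
        block.digest = block.compute_digest()
        self.chain.append(block)
        return block

    def verify(self) -> Tuple[bool, Optional[int]]:
        """(True, None) if every digest and prev link checks out, otherwise
        (False, index of the first block that fails)."""
        for i, blk in enumerate(self.chain):
            if blk.digest != blk.compute_digest():
                return False, i
            if i > 0 and blk.prev_hash != self.chain[i - 1].digest:
                return False, i
        return True, None

    def tip(self) -> str:
        return self.chain[-1].digest

    def rehash_from(self, start: int) -> None:
        """Simulates someone with write access to ONE peer's database editing
        a block and recomputing every later digest so the local copy verifies."""
        for i in range(start, len(self.chain)):
            if i > 0:
                self.chain[i].prev_hash = self.chain[i - 1].digest
            self.chain[i].digest = self.chain[i].compute_digest()


def demo() -> dict:
    """Constructed OT monitoring events, a rejected IT-side write, a tamper that
    local verification catches, and a re-hashed tamper that only the comparison
    with an honest peer's replicated copy reveals."""
    ot_peer = Ledger()
    ot_peer.append(OT_ORG, {"type": "asset", "id": "PLC-01", "fw": "2.3.1"})
    ot_peer.append(OT_ORG, {"type": "alert", "id": "PLC-01",
                            "msg": "unexpected logic download"})
    ot_peer.append(OT_ORG, {"type": "asset", "id": "HMI-02", "fw": "1.0.9"})
    it_peer = copy.deepcopy(ot_peer)          # replicated copy held by IT SOC

    try:
        ot_peer.append(IT_ORG, {"type": "note", "msg": "ticket closed"})
        it_write_rejected = False
    except PermissionError:
        it_write_rejected = True

    ot_peer.chain[2].event["msg"] = "routine maintenance"   # simulated tamper
    ok_local, bad_index = ot_peer.verify()
    ot_peer.rehash_from(2)
    ok_after_rehash, _ = ot_peer.verify()
    return {
        "it_write_rejected": it_write_rejected,
        "ok_local": ok_local, "bad_index": bad_index,
        "ok_after_rehash": ok_after_rehash,
        "peers_agree": ot_peer.tip() == it_peer.tip(),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` gives a rejected IT-side write, a local verification failure at block 2, a local pass after re-hashing, and `peers_agree` false: the re-hashed copy is internally consistent but no longer matches the IT SOC's replica, which is the check a monitoring design of this kind depends on.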