COP_2023_V7_pages
5.9 CYBER SECURITY
5.9.1 Cyber security is a process used to control and protect an organisation’s computer systems, networks, and data from, and reduce the risk of, cyberattack.
5.9.2 Cyber security's core function is to protect the devices we use (smartphones, laptops, tablets, computers, network and routers), data and the services we access - both online and at work - from theft, damage or unauthorised access.
5.9.3 The traditional approach to cyber security focuses on the protection of data and controlling access to the IT system's components. Advanced technologies such as “smart” equipment and the Internet of Things (IoT) have changed how IT is integrated into systems, deployed and operated. These new systems, which are complicated, connected and can generate large amounts of data, now demand a much more comprehensive cyber security approach. It is no longer sufficient for a cyber security system to consider just the IT system; it must also take account of the operational technology (OT) system. This is generally referred to as IT/OT convergence.
5.10 IT/OT CONVERGENCE
5.10.1 IT/OT convergence is the integration of information technology (IT) systems with operational technology (OT) systems. IT systems are used for data-centric computing; OT systems monitor events, processes and devices, and make adjustments in enterprise and industrial operations.
5.11 THE DIFFERENCE BETWEEN IT AND OT
5.11.1 Traditional IT cyber security protects the IT system and the data held in it, but OT cyber security protects the complete system (vessel, people and environment).
5.11.2 The traditional, IT-based definition of cyber security can be stated as: “Technologies, processes, and practices designed to prevent malware from doing damage or harm to networks, computers, programs, or data.”
5.11.3 But modern, distributed, interconnected remote systems demand a more comprehensive and robust OT-based cyber security system, which can be defined as:
• “Technologies, processes, and practices designed to prevent the intended or unintended use of a cyber technology system to do damage to the cyber technology (networks, computers, programs, data), and vessel or harm to people, and environment.”
5.11.4 To achieve this level of protection we need to be able to verify the satisfactory performance of the OT cyber security system by:
• Ensuring correct, safe, efficient and reliable operation through software quality engineering.
• Preventing malicious and non-malicious threats through the cyber security system.
5.11.5 Functional testing will help assess a system against “known” errors or threats but makes no allowance for as-yet-unknown events. Using a maturity model provides ongoing monitoring, assessment and improvement to a cyber security system and will help defend against these unknown events.
MASS UK Industry Conduct Principles and Code of Practice Version 7 41