A Cyber-Security Strategy for Internationally-dispersed Industrial Networks

摘要

Globalization implies geographically dispersed supply chains composed of facilities strategically located in several countries and regions of the world. These structures commonly involve several Operational Technology (OT) and Information Technology (IT) infrastructures and integration to enable accurate and useful information processing. Such integration (also called Cyber-Physical Systems) transforms the industry and facilitates massive data volumes' systematic transformation into valuable information. Security risks posed by such integration may be substantial and, depending on the size of the company, and the number of integration points, dealing with them could easily cost millions of dollars. With the main objective of studying available strategies to manage security risks in companies with dispersed supply chains, this paper reviews international cyber-security standards and regulations and proposes a more comprehensive strategy. The strategy includes IT services, optimized perimeter segregation, and data flow policies among OT and IT networks to balance a high level of protection and cost-effectiveness.