Layered Blueprints – A Method for Engineering OT Security

Main Stage

When designing a process or its automation system, engineers make use of well-established ontologies like piping and instrumentation diagrams. These ensure that engineers document their solutions in a way everybody understands, and they enable focused discussions about content rather than definitions and wording. Translated into machine-readable description languages, they can even be used to directly connect discussing, engineering, and implementing OT security solutions.

For OT Security, there is no such ontology available yet. OT Security is mostly engineered by either automation engineers or IT professionals. Both think in the terms and models of their respective professions, leaving OT Security with at least two sets of ontologies, both insufficient for describing its problems.

The ontology-based OT security engineering method presented in this session fills this gap. The session will propose an ontology for engineering and discussing secure OT architectures. However, it does not stop at modeling and describing, but also includes a method for structuring OT Security problems and engineering OT Security solutions. The ontology and method consist of four layers of blueprints, each of which includes a network architecture visualization and additional documentation. The session will also hint at an approach for a machine-readable representation of the layered blueprints, making use of description languages like AutomationML and OWL. This reduces the barrier between planning and implementation because the same language can be used throughout the entire OT security engineering process and ideas can easily be visualized and shared.

Secure Design & Dev