Each year the US Centers for Disease Control and Prevention (CDC) estimates that roughly one in six Americans falls ill from foodborne disease, resulting in around 3,000 deaths. To reduce the number of incidents, the US enacted legislation that limits risk by setting standard methodologies for production. The legislation requires well-maintained records to be kept throughout the manufacturing process, allowing a product's manufacture to be traced from farm to table, identifying areas of concern and informing decisions when mitigating problem areas. Similarly, the EU introduced the General Food Law Regulation in 2002, which requires food businesses to keep records of the food they supply and receive so that it can be traced one step back and one step forward in the chain. Digitalisation helps meet these obligations by recording product data, and increases productivity by automating the processes of highly specialised manufacturing.
Purdue Model: Intelligently Segregating Your OT Networks
The modern OT threat landscape is growing with the rapid rise in interconnected network devices. OT is particularly exposed because it prioritises availability and integrity over confidentiality, the reverse of the priorities in a typical IT environment. Following the Purdue model helps mitigate the risk of compromise: devices are grouped into hierarchical levels (from field devices and controllers up to enterprise systems), each level sits in its own zone, and traffic between zones passes only through controlled conduits, so that different classes of device (for example manufacturing controllers and business databases) never share a subnet and IT-to-OT traffic terminates in an industrial DMZ. Consequently, the model is referenced in key compliance standards such as IEC 62443 and OG86 as a practice to be implemented.
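The zone-and-conduit rule described above can be checked mechanically against observed traffic. The following is an added example, not code from the original post or from any standard: it assigns assumed subnets to Purdue levels (the addresses are illustrative, not a real site plan), then audits a constructed list of flows, flagging any flow that jumps more than one level or crosses between the enterprise (Level 4) and site/control levels without terminating in the Level 3.5 DMZ.

```python
"""Audit network flows against an assumed Purdue-model zone layout (added example)."""
from ipaddress import ip_address, ip_network

# Assumed subnet-to-level mapping for illustration only; a real site
# would load this from its network design documentation.
LEVEL_SUBNETS = {
    0: ip_network("10.0.0.0/24"),     # field devices: sensors, actuators
    1: ip_network("10.0.1.0/24"),     # basic control: PLCs, RTUs
    2: ip_network("10.0.2.0/24"),     # supervisory: HMIs, SCADA servers
    3: ip_network("10.0.3.0/24"),     # site operations: historian, MES
    3.5: ip_network("10.0.35.0/24"),  # industrial DMZ: jump hosts, replica historian
    4: ip_network("10.1.0.0/16"),     # enterprise: ERP, business databases
}

# Ordered list of levels; a conduit is only permitted between neighbours.
LEVEL_ORDER = [0, 1, 2, 3, 3.5, 4]
DMZ = 3.5


def level_of(ip):
    """Return the Purdue level whose subnet contains ip, or None if unzoned."""
    addr = ip_address(ip)
    for level, net in LEVEL_SUBNETS.items():
        if addr in net:
            return level
    return None


def flow_allowed(src, dst):
    """Decide whether a src->dst flow respects the zone/conduit rules.

    Returns (allowed: bool, reason: str).
    """
    s, d = level_of(src), level_of(dst)
    if s is None or d is None:
        return False, "endpoint is not in any defined zone"
    if s == d:
        return True, "intra-zone"
    # Enterprise (Level 4) must never talk directly to anything below the DMZ.
    if (s >= 4 and d < DMZ) or (d >= 4 and s < DMZ):
        return False, "IT/OT crossing must terminate in the Level 3.5 DMZ"
    # Otherwise only adjacent levels may be connected by a conduit.
    if abs(LEVEL_ORDER.index(s) - LEVEL_ORDER.index(d)) == 1:
        return True, "adjacent-level conduit"
    return False, f"flow skips levels ({s} -> {d})"


def audit_flows(flows):
    """Return a list of (src, dst, port, reason) for every disallowed flow."""
    violations = []
    for src, dst, port in flows:
        ok, reason = flow_allowed(src, dst)
        if not ok:
            violations.append((src, dst, port, reason))
    return violations


# Constructed sample flows (src, dst, dst_port); not captured from a real network.
SAMPLE_FLOWS = [
    ("10.0.1.10", "10.0.2.20", 502),    # PLC -> HMI, Modbus: adjacent, allowed
    ("10.1.5.5", "10.0.3.10", 1433),    # ERP -> historian directly: bypasses DMZ
    ("10.1.5.5", "10.0.35.10", 443),    # ERP -> DMZ replica: allowed
    ("10.0.35.10", "10.0.3.10", 443),   # DMZ -> site historian: allowed
    ("10.0.2.20", "10.0.0.5", 502),     # HMI -> field device: skips Level 1
    ("192.168.9.9", "10.0.1.10", 502),  # unzoned host -> PLC: unknown origin
]

if __name__ == "__main__":
    for v in audit_flows(SAMPLE_FLOWS):
        print("VIOLATION %s -> %s:%d (%s)" % v)
```

Feeding a NetFlow or firewall-log export through `audit_flows` gives a quick list of conduits that exist in practice but not in the design; each one is either a missing firewall rule or an undocumented requirement to add to the zone model.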
OG86 - The Health and Safety Executive's Guidance for Industrial Network Security
OG86 is Operational Guidance issued by the Health and Safety Executive (the UK government agency responsible for regulating and enforcing workplace health and safety) on securing industrial automation and control systems. Its aim is to mitigate the risk of cyber-attacks that could result in health and safety incidents, major accidents and/or the loss of essential services.
The Cyber Assessment Framework - What is it and What Does it Mean for You?
The Cyber Assessment Framework (CAF) is a set of 14 principles published by the UK National Cyber Security Centre (NCSC) to help organisations assess and improve their cyber security. It is used by regulators alongside the UK implementation of the EU Network and Information Systems Directive (NIS-D) to protect Critical National Infrastructure (CNI); however, the framework is designed so that it can be applied by a much wider range of organisations.