Optimizing Cyber-Physical System Visibility and Business Needs

This technical report discusses the evolving landscape of cyber-physical system (CPS) visibility, particularly focusing on the limitations of passive traffic inspection methods. It outlines how passive collection has become a standard due to its non-intrusive nature, allowing for machine-to-machine communication analysis without operational disruption. However, the report challenges this norm by highlighting the shortcomings of passive-only approaches, such as high hardware costs, configuration challenges, and incomplete traffic inspection. It presents a novel approach that incorporates non-passive collection methods, including Safe Queries, which can achieve comparable visibility without the drawbacks of passive techniques. The report emphasizes the importance of asset visibility quality in CPS security programs and introduces a taxonomy for assessing visibility depth. By cataloging various collection methods, the report aims to provide organizations with insights into balancing capability and value in their CPS cybersecurity strategies.