Krotofil, MarinaMarinaKrotofilKursawe, KlausKlausKursaweGollmann, DieterDieterGollmann2019-12-112019-12-112019Security and Privacy Trends in the Industrial Internet of Things: 3-27 (2019)http://hdl.handle.net/11420/3991We propose controllability, observability, and operability as the core security objectives of a control system, whilst the much-used triad of confidentiality, integrity, and availability captures the security requirements on IT infrastructures. We discuss how the deployment of IT in industrial control systems has changed the attack surface, how this invalidates assumptions about independent failure modes crucial in safety design, and explain why stronger IT infrastructure security does not necessarily imply better ICS security. We show how process physics can be used to carry attack payloads and thus become an instrument for the attacker, and argue that ICS security standards should expand their scope to the physical processes layer.enControllabilityICS securityIIoTIntegrityObservabilityOperabilitySafetyVeracityBook Part10.1007/978-3-030-12330-7_1Other