
[AWSReInforce2025] Cyber for Industry 4.0: What is CPS protection anyway? (NIS123)

Lecturer

Sean Gillson serves as Global Head of Cloud Alliances at Claroty, architecting solutions that bridge IT and OT security domains. Gillson Wilson leads the Security Competency for GSIs and ISVs at AWS, driving partner-enabled protection for cyber-physical systems across industrial environments.

Abstract

The presentation defines cyber-physical systems (CPS) protection within the context of IT/OT convergence, examining threat vectors that exploit interconnected industrial assets. Through architectural patterns and real-world deployments, it establishes specialized controls that maintain operational continuity while enabling digital transformation in manufacturing, energy, and healthcare sectors.

CPS Threat Landscape Evolution

Cyber-physical systems encompass operational technology (OT), IoT devices, and building management systems that increasingly connect to enterprise networks. This convergence delivers efficiency gains—predictive maintenance, remote monitoring, sustainability optimization—but expands the attack surface dramatically.

Traditional IT threats now target physical processes:

  • Ransomware encrypting PLC configurations
  • Supply chain compromise via firmware updates
  • Insider threats leveraging legitimate remote access

The 2021 Colonial Pipeline incident exemplifies how IT breaches cascade into physical disruption, highlighting the need for unified security posture.

IT/OT Convergence Architectural Patterns

Successful convergence requires deliberate segmentation while preserving data flow:

Level 0: Physical Processes → PLC/RTU
Level 1: Basic Control → SCADA/DCS
Level 2: Supervisory Control → Historian
Level 3: Operations → MES
Level 4: Business → ERP (IT Network)

Claroty implements micro-segmentation at the Level 2/3 boundary using AWS Transit Gateway with Network Firewall rules that permit only known protocols (Modbus, OPC-UA) between zones.

Asset Discovery and Risk Prioritization

Industrial environments contain thousands of unmanaged devices. Claroty’s passive monitoring identifies:

  • Device inventory with firmware versions
  • Communication patterns and dependencies
  • Vulnerability mapping to CVSS and EPSS scores

{
  "asset": "Siemens S7-1500",
  "firmware": "V2.9.2",
  "vulnerabilities": ["CVE-2023-1234"],
  "risk_score": 9.2,
  "business_criticality": "high"
}

This contextual intelligence enables prioritization—patching a chiller controller impacts comfort; patching a turbine controller impacts revenue.
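As an added illustration of that prioritization (example code written for this summary, not Claroty's scoring model): the assumed formula weights each asset's worst CVSS score by its EPSS exploit probability and by a business-criticality factor, so a chiller controller with a critical CVSS can still rank below a turbine controller whose flaw is more likely to be exploited. Asset names, CVE ids, scores and weights are constructed placeholders.

```python
# Added example (not from the talk or Claroty): rank CPS assets for patching by
# combining CVSS severity, EPSS exploit probability and business criticality.
from dataclasses import dataclass, field

# Assumed weights for the business_criticality field of the asset inventory.
CRITICALITY_WEIGHT = {"low": 0.5, "medium": 0.8, "high": 1.0}


@dataclass
class Asset:
    name: str
    firmware: str
    criticality: str                               # business_criticality
    vulns: list = field(default_factory=list)      # (cve_id, cvss, epss) tuples


def vuln_score(cvss: float, epss: float) -> float:
    """Blend severity (CVSS 0-10) with exploit likelihood (EPSS 0-1).
    Assumed formula: CVSS scaled by EPSS, with a floor of 0.1 so a critical
    CVSS never vanishes entirely just because EPSS is low."""
    return cvss * max(epss, 0.1)


def asset_risk(asset: Asset) -> float:
    """Worst vulnerability on the asset, weighted by what the asset controls."""
    if not asset.vulns:
        return 0.0
    worst = max(vuln_score(cvss, epss) for _, cvss, epss in asset.vulns)
    return round(worst * CRITICALITY_WEIGHT[asset.criticality], 2)


def prioritize(assets):
    """Return assets ordered by descending risk; patch the top of the list first."""
    return sorted(assets, key=asset_risk, reverse=True)


# Constructed sample inventory; CVE ids, versions and scores are placeholders.
INVENTORY = [
    Asset("chiller-plc", "V1.4", "low", [("CVE-0000-0001", 9.8, 0.02)]),
    Asset("turbine-controller", "V2.9.2", "high", [("CVE-0000-0002", 7.5, 0.70)]),
    Asset("historian", "V5.1", "medium",
          [("CVE-0000-0003", 6.5, 0.90), ("CVE-0000-0004", 9.0, 0.05)]),
]

if __name__ == "__main__":
    for a in prioritize(INVENTORY):
        print(f"{asset_risk(a):5.2f}  {a.name} ({a.criticality})")
```

Sorting by CVSS alone would put the chiller first; once EPSS and criticality are applied it drops to the bottom of the list.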

Secure Remote Access Patterns

Industry 4.0 demands remote expertise. Traditional VPNs expose entire OT networks. The solution implements:

  • Zero-trust access via AWS Verified Access
  • Session recording and justification logging
  • Time-bound credentials tied to change windows

Engineers connect to bastion hosts in DMZ segments; protocol translation occurs through data diodes that permit only outbound historian data.

Edge-to-Cloud Security Fabric

AWS IoT Greengrass enables secure edge processing:

components:
  - com.claroty.asset-discovery
  - com.aws.secure-tunnel
local_storage: /opt/ot-data

Devices operate autonomously during connectivity loss, syncing vulnerability state when reconnected. Security Hub aggregates findings from edge agents alongside cloud workloads.

Regulatory and Compliance Framework

Standards evolve rapidly:

  • IEC 62443: Security levels for industrial automation
  • NIST CSF 2.0: OT-specific controls
  • EU NIS2 Directive: Critical infrastructure requirements

The architecture generates compliance evidence automatically—asset inventories, access logs, patch verification—reducing audit preparation from months to days.

Conclusion: Unified Security for Digital Industry

CPS protection requires specialized approaches that respect operational constraints while leveraging cloud-native controls. The convergence of IT and OT security creates resilient industrial systems that withstand cyber threats without compromising production. Organizations that implement layered defenses—asset intelligence, micro-segmentation, secure remote access—achieve Industry 4.0 benefits while maintaining safety and reliability.
