The master's thesis presents a solution for ensuring cybersecurity in an operational technology (OT) environment.
For a long time, operational technology systems were isolated from outside systems. With the automation of industry, operational technology systems had to be integrated with information technology (IT) systems. The software and protocols used in operational technology are outdated and were created without security mechanisms, so integrating operational technology with outside systems exposes it to new cyber attacks. Replacing the equipment is too expensive, updates are unwanted because of potential side effects, and yet the systems must be secured, because operational technology makes up industrial and critical infrastructure. Newer malware bypasses traditional cybersecurity mechanisms, so OT systems need to be protected differently than before.
In the master's thesis, we tested and compared cybersecurity tools for operational technology, namely Wireshark, Nozomi, Radiflow and Snort. Currently, the best solution is to use an intrusion prevention system and, in parallel, an anomaly detection system with built-in machine learning and deep packet inspection. This solution works in practice because operational technology traffic is mostly periodic and unencrypted. The same solution would not work in the IT domain, where network traffic is aperiodic and encrypted, so it is not possible to build an accurate model of normal network behaviour or to perform deep packet inspection. The idea of using an anomaly detection system is to detect malware while it is still in its network learning phase, long before it executes an attack.
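As an added illustration of the periodicity argument above (this is not code from the thesis): a minimal baseline-and-detect routine over constructed OT-style flow records, in which each key (source, destination, protocol function) is expected to recur at a fixed interval. The hosts and function codes are hypothetical sample values.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample of OT-style flow records: (timestamp_s, src, dst, proto_func).
# An HMI polls PLC1 over Modbus FC3 every 2 s; a SCADA server polls PLC2 via DNP3 every 5 s.
BASELINE = [(t, "hmi", "plc1", "modbus/fc3") for t in range(0, 60, 2)] + \
           [(t, "scada", "plc2", "dnp3/read") for t in range(1, 60, 5)]

# Constructed observation window: an off-cycle poll at t=65 and a never-seen
# engineering-workstation write (Modbus FC16) at t=66.
OBSERVED = [(60, "hmi", "plc1", "modbus/fc3"), (62, "hmi", "plc1", "modbus/fc3"),
            (64, "hmi", "plc1", "modbus/fc3"), (65, "hmi", "plc1", "modbus/fc3"),
            (66, "eng-ws", "plc1", "modbus/fc16"), (68, "hmi", "plc1", "modbus/fc3")]


def learn_baseline(records):
    """Learn, per (src, dst, func) key, the mean and std-dev of inter-arrival times."""
    times = defaultdict(list)
    for ts, src, dst, func in sorted(records):
        times[(src, dst, func)].append(ts)
    model = {}
    for key, ts in times.items():
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        model[key] = (mean(gaps), pstdev(gaps)) if gaps else (None, 0.0)
    return model


def detect(model, records, tolerance=0.5):
    """Flag flows never seen during learning, and known flows whose timing deviates
    from the learned period by more than max(tolerance, 3 sigma)."""
    alerts, last_seen = [], {}
    for ts, src, dst, func in sorted(records):
        key = (src, dst, func)
        if key not in model:
            alerts.append((ts, "new-flow", key))
            continue
        period, sigma = model[key]
        if key in last_seen and period is not None:
            gap = ts - last_seen[key]
            if abs(gap - period) > max(tolerance, 3 * sigma):
                alerts.append((ts, "timing-deviation", key))
        last_seen[key] = ts
    return alerts


if __name__ == "__main__":
    for alert in detect(learn_baseline(BASELINE), OBSERVED):
        print(alert)
```

Because the learning phase saw only exact 2 s and 5 s gaps, the off-cycle poll at t=65 (and the resulting 3 s gap to t=68) and the new FC16 flow are all reported, while replaying the baseline itself raises nothing.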