
Človeški faktor v kibernetski varnosti energetskih podjetij
ID TURK, MATEJ (Author), ID Sedlar, Urban (Mentor) More about this mentor... This link opens in a new window

.pdfPDF - Presentation file, Download (1,73 MB)
MD5: 1FE0CC50A2F541E8E8024FD0D984EE34

Zagotavljanje zadostne kibernetske varnosti energetskih podjetij je ključno, saj so le ta bistveni del kritične infrastrukture države in so nujno potrebna za nemoteno delovanje družbe. Uspešni napadi na energetsko infrastrukturo imajo lahko velike ekonomske posledice, ogrozi pa se lahko tudi nacionalna varnost. Z avtomatizacijo energetskih sistemov se je povečalo število senzorjev, krmilnikov, merilnikov in ostalih v internet povezanih naprav različnih proizvajalcev. Ti so prevečkrat ranljivi zaradi zastarele programske opreme, ne dovolj varne arhitekture ali uporabe nestandardnih protokolov. Zato se povečuje število možnih točk napada na energetsko infrastrukturo in s tem njihova ranljivost. V diplomski nalogi so prikazane poglavitne ranljivosti energetskih sistemov, vzroki zanje in nakazani možni pristopi za zagotavljanje večje varnosti naprav in energetskega omrežja v celoti. Potrebno je redno izvajanje ocene tveganja, redno spremljanje delovanja sistema in posodabljanje naprav, vpeljevanje nadzornih varnostnih sistemov ter sodelovanje s strokovnjaki s področja kibernetske varnosti Po dostopni literaturi je bila potrjena teza, da največjo ranljivost v celotnem sistemu predstavlja človeški faktor. Zaposleni v energetskem sistemu lahko z namernimi ali nenamernimi dejanji napadalcem omogočijo uspešen vdor. Ključno je, da so zaposleni ustrezno izobraženi in ozaveščeni o varnostnih tveganjih ter da poznajo in upoštevajo postopke, ki zmanjšujejo varnostna tveganja. Podjetja morajo imeti na osnovi krovne varnostne politike in pravilnikov vpeljane jasno opredeljene varnostne ukrepe in postopke v primeru zaznanih incidentov ter redna periodična izobraževanja svojih zaposlenih.

Keywords:kibernetska varnost, energetska podjetja, ranljivost, človeški faktor, dobre prakse, izobraževanje, standardi
Work type:Bachelor thesis/paper
Typology:2.11 - Undergraduate Thesis
Organization:FE - Faculty of Electrical Engineering
PID:20.500.12556/RUL-160698 This link opens in a new window
COBISS.SI-ID:206433283 This link opens in a new window
Publication date in RUL:03.09.2024
Copy citation
Share:Bookmark and Share

Secondary language

Cybersecurity of energy companies is crucial, as they are an essential part of the country’s critical infrastructure and are necessary for the smooth functioning of the society. The successful attacks on the energy infrastructure can have large economic consequences and may also threaten national security. With the automation of energy systems, there is an ever-increasing number of sensors, controllers, meters and other internet-connected devices. These devices are often vulnerable due to the outdated software, insufficiently secure architecture or the use of nonstandard protocols. As a result, the number of possible attack points on the energy infrastructure is increasing, and with it, their vulnerability. In this thesis are presented the main vulnerabilities of energy systems, their causes, and possible approaches to ensure greater security of devices and the energy infrastructure in general. Regular risk assessment, continuous system monitoring, device updates, implementation of security monitoring systems and collaboration with cybersecurity experts are necessary. Based on the available literature, the thesis, which states that the human factor represents the biggest vulnerability in the entire system, was confirmed. The employees in the energy system can enable a successful intrusion by the attackers through intentional or unintentional actions. It is of the utmost importance that employees are properly educated and are aware of security risks and follow proper procedures to reduce them. Companies, based on the overarching security policies and regulations, must establish clearly defined security measures and procedures to respond to detected incidents, as well as periodic training for their employees.

Keywords:cybersecurity, energy companies, vulnerability, human factor, good practices, training, standards

Similar documents

Similar works from RUL:
Similar works from other Slovenian collections:
