Assessing cybersecurity at an industrial unit 4.0

Detalhes bibliográficos
Autor(a) principal: Santos, Silvino Pires dos
Data de Publicação: 2023
Tipo de documento: Dissertação
Idioma: por
Título da fonte: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Texto Completo: http://hdl.handle.net/20.500.11960/3431
Resumo: The last 20 years have emerged significant developments in industrial production and development, with new technologies, networks and emerging production systems due to the development of the internet and new distributed adaptive production systems. These architectures resulted in improved service activities, new business models and increased demand and offering of goods, resulting in fewer interactions among production system participants. The convergence of IT/OT environments has increased the complexity and vulnerability of previously isolated OT/ICS networks, and the growing need to expand automation in the industry creates a big challenge in terms of cybersecurity. In this context, how can we identify suspicious activity, assess risks and help prevent downtime in an increasingly technological industry? For this thesis, data collected through an online survey on the subject of convergence in the national industry was analyzed in order to know if this subject, from the perspective of professionals, deserves the attention of the organizations where they develop their professional activity with technologies of IT/OT. A set of real cases and the consequences of serious security failures that occurred in the period between 2021 and 2023, increasingly common, with an impact on the global industry, are identified and analyzed. The technological complexity that results from the convergence between information technology (IT) and Operational Technology (OT) is analyzed, highlighting in practice the challenges for which cybersecurity has to prepare itself in order to develop effective and context-adjusted responses under review. The biggest challenge lies in the cyber-secure integration of data-centric computing technologies in the IT systems with the monitoring of events, processes and devices in the OT systems. After analyzing the complexity of the IT/OT technologies essential for Industry 4.0, we recommend a careful reading of the set of frameworks described in this document about internationally recognized good practices in cybersecurity. Regular access to public databases, described in this document, on risk patterns and fundamental vulnerabilities is recommended for the development of an updated cybersecurity strategy. Finally, good practices are described to analyze, frame and apply to avoid risk situations by monitoring the trend of cybersecurity incidents, known software flaws, as well as vulnerabilities and associated risks, which can result in ransomware and its associated consequences.
id RCAP_8748e4a453de5fe5d4bd7bd32ec2a129
oai_identifier_str oai:repositorio.ipvc.pt:20.500.11960/3431
network_acronym_str RCAP
network_name_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository_id_str 7160
spelling Assessing cybersecurity at an industrial unit 4.0Industry 4.0IT/OT convergenceSecurity assessmentSmart manufacturingIndústria 4.0Convergência de IT/OTAvaliação de segurançaManufatura inteligenteThe last 20 years have emerged significant developments in industrial production and development, with new technologies, networks and emerging production systems due to the development of the internet and new distributed adaptive production systems. These architectures resulted in improved service activities, new business models and increased demand and offering of goods, resulting in fewer interactions among production system participants. The convergence of IT/OT environments has increased the complexity and vulnerability of previously isolated OT/ICS networks, and the growing need to expand automation in the industry creates a big challenge in terms of cybersecurity. In this context, how can we identify suspicious activity, assess risks and help prevent downtime in an increasingly technological industry? For this thesis, data collected through an online survey on the subject of convergence in the national industry was analyzed in order to know if this subject, from the perspective of professionals, deserves the attention of the organizations where they develop their professional activity with technologies of IT/OT. A set of real cases and the consequences of serious security failures that occurred in the period between 2021 and 2023, increasingly common, with an impact on the global industry, are identified and analyzed. The technological complexity that results from the convergence between information technology (IT) and Operational Technology (OT) is analyzed, highlighting in practice the challenges for which cybersecurity has to prepare itself in order to develop effective and context-adjusted responses under review. The biggest challenge lies in the cyber-secure integration of data-centric computing technologies in the IT systems with the monitoring of events, processes and devices in the OT systems. After analyzing the complexity of the IT/OT technologies essential for Industry 4.0, we recommend a careful reading of the set of frameworks described in this document about internationally recognized good practices in cybersecurity. Regular access to public databases, described in this document, on risk patterns and fundamental vulnerabilities is recommended for the development of an updated cybersecurity strategy. Finally, good practices are described to analyze, frame and apply to avoid risk situations by monitoring the trend of cybersecurity incidents, known software flaws, as well as vulnerabilities and associated risks, which can result in ransomware and its associated consequences.Nos últimos 20 anos surgiram desenvolvimentos significativos na produção e desenvolvimento industrial, com novas tecnologias, redes e sistemas de produção emergentes devido ao desenvolvimento da internet e novos sistemas de produção adaptativos distribuídos. Essas arquiteturas resultaram em melhores atividades de serviço, novos modelos de negócios e aumento da demanda e oferta de bens, resultando em menos interações entre os participantes do sistema de produção. A convergência de ambientes de IT/OT aumentou a complexidade e vulnerabilidade de redes OT/ICS anteriormente isoladas, e a crescente necessidade de expandir a automação na indústria cria um grande desafio em termos de segurança cibernética. Nesse contexto, como identificar atividades suspeitas, avaliar riscos e ajudar a prevenir paradas em um setor cada vez mais tecnológico? Para esta tese, foram analisados dados recolhidos através de um inquérito online sobre o tema da convergência na indústria nacional, de forma a saber se este tema, na perspetiva dos profissionais, merece a atenção das organizações onde desenvolvem a sua atividade profissional com tecnologias de IT/OT. São identificados e analisados um conjunto de casos reais e as consequências de falhas graves de segurança ocorridas no período entre 2021 e 2023, cada vez mais comuns, com impacto na indústria à escala global. Analisa-se a complexidade tecnológica que resulta da convergência entre tecnologias de informação (IT) e tecnologias operacionais (OT), destacando na prática os desafios para os quais a cibersegurança tem de se preparar de forma a desenvolver respostas eficazes e ajustadas ao contexto em análise. O maior desafio está na integração ”cibersegura” de tecnologias de computação centradas em dados nos sistemas de IT com a monitorização de eventos, de processos e de dispositivos nos sistemas OT. Depois de analisar a complexidade das tecnologias IT/OT essenciais para a Indústria 4.0, recomenda-se uma leitura atenta do conjunto de frameworks descritos neste documento sobre boas práticas internacionalmente reconhecidas em cibersegurança. Bem como do acesso regular às bases de dados públicas, descritas neste documento, sobre padrões de risco e vulnerabilidades fundamentais essenciais para o desenvolvimento de uma estratégia de cibersegurança atualizada. Por fim, são sugeridas, um conjunto de boas práticas para analisar, enquadrar, e aplicar na estratégia de cibersegurança de uma organização, para evitar situações de risco, monitorizando a tendência de incidentes de cibersegurança, de falhas de software conhecidas, de vulnerabilidades e riscos associados, que podem resultar, por exemplo, em ransomware com as suas consequências associadas.2023-07-24T15:34:32Z2023-04-17T00:00:00Z2023-04-17info:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttp://hdl.handle.net/20.500.11960/3431TID:203332679porSantos, Silvino Pires dosinfo:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2023-07-27T06:46:22Zoai:repositorio.ipvc.pt:20.500.11960/3431Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-19T20:09:48.814744Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse
dc.title.none.fl_str_mv Assessing cybersecurity at an industrial unit 4.0
title Assessing cybersecurity at an industrial unit 4.0
spellingShingle Assessing cybersecurity at an industrial unit 4.0
Santos, Silvino Pires dos
Industry 4.0
IT/OT convergence
Security assessment
Smart manufacturing
Indústria 4.0
Convergência de IT/OT
Avaliação de segurança
Manufatura inteligente
title_short Assessing cybersecurity at an industrial unit 4.0
title_full Assessing cybersecurity at an industrial unit 4.0
title_fullStr Assessing cybersecurity at an industrial unit 4.0
title_full_unstemmed Assessing cybersecurity at an industrial unit 4.0
title_sort Assessing cybersecurity at an industrial unit 4.0
author Santos, Silvino Pires dos
author_facet Santos, Silvino Pires dos
author_role author
dc.contributor.author.fl_str_mv Santos, Silvino Pires dos
dc.subject.por.fl_str_mv Industry 4.0
IT/OT convergence
Security assessment
Smart manufacturing
Indústria 4.0
Convergência de IT/OT
Avaliação de segurança
Manufatura inteligente
topic Industry 4.0
IT/OT convergence
Security assessment
Smart manufacturing
Indústria 4.0
Convergência de IT/OT
Avaliação de segurança
Manufatura inteligente
description The last 20 years have emerged significant developments in industrial production and development, with new technologies, networks and emerging production systems due to the development of the internet and new distributed adaptive production systems. These architectures resulted in improved service activities, new business models and increased demand and offering of goods, resulting in fewer interactions among production system participants. The convergence of IT/OT environments has increased the complexity and vulnerability of previously isolated OT/ICS networks, and the growing need to expand automation in the industry creates a big challenge in terms of cybersecurity. In this context, how can we identify suspicious activity, assess risks and help prevent downtime in an increasingly technological industry? For this thesis, data collected through an online survey on the subject of convergence in the national industry was analyzed in order to know if this subject, from the perspective of professionals, deserves the attention of the organizations where they develop their professional activity with technologies of IT/OT. A set of real cases and the consequences of serious security failures that occurred in the period between 2021 and 2023, increasingly common, with an impact on the global industry, are identified and analyzed. The technological complexity that results from the convergence between information technology (IT) and Operational Technology (OT) is analyzed, highlighting in practice the challenges for which cybersecurity has to prepare itself in order to develop effective and context-adjusted responses under review. The biggest challenge lies in the cyber-secure integration of data-centric computing technologies in the IT systems with the monitoring of events, processes and devices in the OT systems. After analyzing the complexity of the IT/OT technologies essential for Industry 4.0, we recommend a careful reading of the set of frameworks described in this document about internationally recognized good practices in cybersecurity. Regular access to public databases, described in this document, on risk patterns and fundamental vulnerabilities is recommended for the development of an updated cybersecurity strategy. Finally, good practices are described to analyze, frame and apply to avoid risk situations by monitoring the trend of cybersecurity incidents, known software flaws, as well as vulnerabilities and associated risks, which can result in ransomware and its associated consequences.
publishDate 2023
dc.date.none.fl_str_mv 2023-07-24T15:34:32Z
2023-04-17T00:00:00Z
2023-04-17
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
format masterThesis
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/20.500.11960/3431
TID:203332679
url http://hdl.handle.net/20.500.11960/3431
identifier_str_mv TID:203332679
dc.language.iso.fl_str_mv por
language por
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.source.none.fl_str_mv reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron:RCAAP
instname_str Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron_str RCAAP
institution RCAAP
reponame_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
collection Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository.name.fl_str_mv Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
repository.mail.fl_str_mv
_version_ 1799133346125578240

Registros relacionados