The Cyber Security of Automated Environmental Measurements
Rasmus, Kai (2020)
2020
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2020122129787
https://urn.fi/URN:NBN:fi:amk-2020122129787
Tiivistelmä
Online automatic measurements are a way of doing cost effective environmental monitoring. The systems consist of a network of remote measurement stations connected to a central dissemination service via some form of backbone connection over which the user has no control. It is important to secure such systems because the measurement results may be connected to large business interests.
The 12 most important primary and secondary assets related to these systems were identified from the viewpoint of the user. The most important asset was the measurement data itself and data integrity was identified as a separate asset. A list of 32 security controls were listed to secure these assets after the interconnections between the assets were identified. Protocols were introduced to increase the situational awareness and to help against social engineering.
The risks related to connecting measurement stations to a central service were quantitatively analyzed using a Monte Carlo model. It was found that the probability of breaching the central service was independent of the number of nodes connected to the service, but depends on the network layout and on how many stations were directly connected to the central service.
Cyber security awareness was increased by developing the superhero model for cyber security. In this method cyber security events were taken from popular culture and analyzed in a descriptive way using thematic content analysis. Even though this is subjective and speculative, it could help in raising cyber security awareness which is not at a high enough level even amongst professionals.
The 12 most important primary and secondary assets related to these systems were identified from the viewpoint of the user. The most important asset was the measurement data itself and data integrity was identified as a separate asset. A list of 32 security controls were listed to secure these assets after the interconnections between the assets were identified. Protocols were introduced to increase the situational awareness and to help against social engineering.
The risks related to connecting measurement stations to a central service were quantitatively analyzed using a Monte Carlo model. It was found that the probability of breaching the central service was independent of the number of nodes connected to the service, but depends on the network layout and on how many stations were directly connected to the central service.
Cyber security awareness was increased by developing the superhero model for cyber security. In this method cyber security events were taken from popular culture and analyzed in a descriptive way using thematic content analysis. Even though this is subjective and speculative, it could help in raising cyber security awareness which is not at a high enough level even amongst professionals.