Industrial control systems’ integrations to Operation Technology and Information Technology Security Operation Center
Rajamäki, Ari (2021)
2021
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2021052410764
https://urn.fi/URN:NBN:fi:amk-2021052410764
Tiivistelmä
Risks of cybersecurity incident in the process automation systems have increased because more digitalization and connectivity are added to these environments. Cyber threats and attacks on industrial control systems have affected the enterprise organizations’ risks and business continuity plans.
The risk of losing control system availability, integrity or continuity of critical infrastructure, a chemical process or a larger manufacturing facility is the main reason why these industrial control systems (ICS) are added to the scope of enterprise organizations’ cyber incident risk management plans. Government and agency regulations and guidelines for critical infrastructure protection are driving this change also.
The topic of the thesis assigned by Valmet Automation was security monitoring for awareness, threat detecting requirements and response capabilities for industrial control
system. Constructive research methodology was selected for organization to continuously improve the log management and security monitoring of the ICS products and system deliveries, improve service functionalities and skills needed to support incident response and forensic operations, used, for example, by an asset owner organization’s security operation center (SOC) providers.
Industrial control system’s monitoring interface availability and understanding the contextual security events and response activities can be different depending on the ICS
vendor and the industry process. Customer enterprise SOC organizations require ICS
vendor support and services to integrate and normalize the events of ICS environment to
the SOC’s threat analysis and incident response processes, originally planned for the
enterprise operation information and communication technology (ICT) networks.
The risk of losing control system availability, integrity or continuity of critical infrastructure, a chemical process or a larger manufacturing facility is the main reason why these industrial control systems (ICS) are added to the scope of enterprise organizations’ cyber incident risk management plans. Government and agency regulations and guidelines for critical infrastructure protection are driving this change also.
The topic of the thesis assigned by Valmet Automation was security monitoring for awareness, threat detecting requirements and response capabilities for industrial control
system. Constructive research methodology was selected for organization to continuously improve the log management and security monitoring of the ICS products and system deliveries, improve service functionalities and skills needed to support incident response and forensic operations, used, for example, by an asset owner organization’s security operation center (SOC) providers.
Industrial control system’s monitoring interface availability and understanding the contextual security events and response activities can be different depending on the ICS
vendor and the industry process. Customer enterprise SOC organizations require ICS
vendor support and services to integrate and normalize the events of ICS environment to
the SOC’s threat analysis and incident response processes, originally planned for the
enterprise operation information and communication technology (ICT) networks.