Towards successful technology introductions : executive summary

Turner, Suzanne N.

January 1998

No description available.

658

Operational technology; Change projects

An exploration of the need of OT governance and the adaption of IT governance frameworks to fulfil this requirement

De Villiers, Peter

04 1900

Thesis (MBA)--Stellenbosch University, 2015. / ENGLISH ABSTRACT: Corporate governance codes such as King III are focussing on IT governance due to the strategic nature of IT systems and the impact security breaches or failure of IT systems can have on a company’s sustainability. The convergence of Operational Technology (OT) and IT brings about both risks and opportunities for OT systems, while further entrenching their strategic nature within organisations. These systems are therefore key to the sustainability of an organisation and this necessitates the extension of sound governance not only to IT but also to OT. In many organisations, due to the previously closed or proprietary nature of OT systems, no governance controls or frameworks have traditionally been needed or put in place for OT systems. The aim of this research was to explore whether the lack of OT governance controls or framework within OT reliant organisations could be addressed by adapting and implementing leading IT governance models for OT systems due to the convergence between traditional IT and OT. The research methodology employed was a literature review followed by the selection and adaptation of a leading IT governance framework for OT governance. Additional data regarding OT incidents was gathered from the author’s own organisation and documented as mini case studies to determine if OT governance could have mitigated or minimised the impact of the documented OT incidents. The research showed that IT and OT are converging on two fronts, firstly due to integration between IT and OT and secondly due to the sharing of common technologies at a hardware, software and network layer. The research also indicated that the security risks facing IT continue to grow in number and sophistication. By extension, due to the technology convergence, these risks are now extending to OT systems, adding to the risks already facing OT systems. Leading corporate governance codes are espousing holistic governance to ensure the sustainability of an enterprise. Certain codes such as King III from South Africa have specifically called out IT governance as a key element of a holistic governance practice. Due to the convergence between IT and OT as well as the increasing risk, the lack of governance in OT can have a material impact on the sustainability of an OT reliant enterprise, necessitating the extending of governance to cover not only IT but OT as well. The research showed that a leading IT governance framework such as COBIT 5 can be applied to OT with little or no adaptation firstly due to the closeness between IT and OT brought about by the convergence between IT and OT, and secondly due to the way that COBIT 5 has been developed to serve as an overarching governance framework that can be adapted and applied by Enterprises to suit their unique requirements, one of which could be OT governance.

Operational technology

Corporate governance

Information technology

UCTD

Exploring Industry Cybersecurity Strategy in Protecting Critical Infrastructure

Boutwell, Mark

01 January 2019

Successful attacks on critical infrastructure have increased in occurrence and sophistication. Many cybersecurity strategies incorporate conventional best practices but often do not consider organizational circumstances and nonstandard critical infrastructure protection needs. The purpose of this qualitative multiple case study was to explore cybersecurity strategies used by information technology (IT) managers and compliance officers to mitigate cyber threats to critical infrastructure. The population for this study comprised IT managers and compliance officers of 4 case organizations in the Pacific Northwest United States. The routine activity theory developed by criminologist Cohen and Felson in 1979 was used as the conceptual framework. Data collection consisted of interviews with 2 IT managers, 3 compliance officers, and 25 documents related to cybersecurity and associated policy governance. A software tool was used in a thematic analysis approach against the data collected from the interviews and documentation. Data triangulation revealed 4 major themes: a robust workforce training program is crucial, make infrastructure resiliency a priority, importance of security awareness, and importance of organizational leadership support and investment. This study revealed key strategies that may help improve cybersecurity strategies used by IT and compliance professionals, which can mitigate successful attacks against critical infrastructure. The study findings will contribute to positive social change through an exploration and contextual analysis of cybersecurity strategy with situational awareness of IT practices to enhance cyber threat mitigation and inform business processes.

Compliance

Cybersecurity

Information Technology

Infrastructure

Operational Technology

Databases and Information Systems

Operational technology definition and differentiation : In the context of operational systems in Sweden

Nyqvist, Jennifer

January 2020

ICS, short for Industrial Control Systems, can be a part of the electrical and water supplies among others, which are important instances for society. This all resides in the realm of Operational technology, abbreviation OT. Due to technological development, Information Technology i.e. IT is introduced and merged into the realm of industrial systems, because of society’s increasing dependencies on digital infrastructures and services.ICS and Supervisory Control and Data Acquisition (SCADA) systems are rather well known and reputable. In the realm of OT, there’s a range of different systems, and ICS itself encompasses a range of process automation technologies, such as SCADA systems and Distributed Control Systems (DCS) among others.This paper aims to try to define and differentiate a distinct boundary of systems without any connection to IT and can be considered purely OT, if they exist at all. This by conducting an interview with people working for governmental agencies with an eminent amount of experience in the realm of OT. What kind of systems are currently in operation today that don’t fit into the realm of ICS, do they exist at all and how do they work?The definition and differentiation of OT may indicate a subset of systems and components, and terminologies of systems in the OT-realm are misused, indicating a lack of insight in this realm of industrial systems.

industrial systems

operational technology

SCADA

ICS

digitalization

Information Systems

Applying information security to the operational technology environment and the challenges it brings

Holmström, Anton

January 2021

Information security risks in the operational technology (OT) environment is becoming legitimate challenges for businesses pursing an industrial digitalisation. IT and OT di˙erences reach across managerial, technical and operational aspects, creating unique challenges in developing a suÿcient security posture. The goal of the study is to gain an understanding of the challenges businesses face when applying information security in the operational technology environment in the context of an increased connectivity to the IT environment. In order to understand how information security is adapted to an OT environment, semi-structured interviews was conducted with respondents working with information security in process and production industries. These findings suggest that businesses tends to view the interconnection of IT and OT as two separate environments rather than one shared, which is causing managerial challenges when adapting an information security strategy to cover both the IT and the OT aspect of an organisation.

Operational Technology

Information Security

Risk Management

IT/OT Convergence

Digitalisation

Industry 4.0

Information Systems, Social aspects

Covert Cognizance: Embedded Intelligence for Industrial Systems

Arvind Sundaram (13883201)

07 October 2022

<p>Can a critical industrial system, such as a nuclear reactor, be made self-aware and cognizant of its operational history? Can it alert authorities covertly to malicious intrusion without exposing its  defense  mechanisms?  What  if  the  intruders  are  highly  knowledgeable  adversaries,  or  even  insiders that may have designed the system? This thesis addresses these research questions through a novel physical process defense called Covert Cognizance (C2). </p> <p>C2  serves  as  a  last  line  of  defense  to  industrial  systems  when  existing  information  and  operational technology defenses have been breached by advanced persistent threat (APT) actors or insiders. It is an active form of defense that may be embedded in an existing system to induce intelligence,  i.e.,  self-awareness,  and  make  various subsystems  aware  of  each  other.  It  interacts with the system at the process level and provides an additional layer of security to the process data therein without the need of a human in the loop. </p> <p>The C2 paradigm is  founded on two core requirements – zero-impact and zero-observability. Departing from contemporary active defenses, zero-impact requires a successful implementationto leave no footprint on the system ensuring identical operation while zero-observability requires that the embedding is immune to pattern-discovery algorithms.  In other words, a third-party such as  a  malicious  intruder  must  be  unable  to  detect  the  presence  of  the  C2  defense  based  on  observation of the process data, even when augmented by machine learning tools that are adept at pattern discovery. </p> <p>In the present work, nuclear reactor simulations are embedded with the C2 defense to induce awareness across subsystems and defend them against highly knowledgeable adversaries that have bypassed existing safeguards such as model-based defenses.  Specifically, the subsystems are made aware  of  each  other  by  embedding  critical information from  the  process  variables  of  one sub-module  along  the  noise of  the  process  variables  of  another,  thus  rendering  the  implementation  covert and  immune  to  pattern  discovery.   The  implementation  is  validated  using  generative adversarial  nets,  representing  a  state-of-the-art  machine  learning  tool,  and  statistical  analysis  of  the  reactor  states,  control  inputs,  outputs  etc. The  work  is  also  extended  to  data  masking  applications  via  the  deceptive  infusion  of  data  (DIOD)  paradigm.  Future  work  focuses  on  the  development of automated C2 modules for “plug ‘n’ play” deployment onto critical infrastructure and/or their digital twins.</p>

Covert Cognizance

Operational Technology

Cyber-physical Systems

Cybersecurity

Artificial Intelligence

Embedded Systems

Simulace komunikační části moderních průmyslových sítí / Simulation of communication part of modern industrial networks

Beneš, Pavel

January 2020

The thesis is focused on simulating of protocols from standard IEC 61850 in simulation tool OMNeT++. The theoretical part in the thesis deals with description of the field of operating technologies, supervisory control and data acquisition and protocols Tase-2/ICCP, IEC 61850, IEC 60870-5-104, DNP 3 and DLMS/COSEM. Next part deals with parameters influencing connection and description of simulation tools NS2/NS3, OPNET and OMNeT++. In the practical part there is created a network containing protocols from the standard IEC 61850 in the simulation program OMNeT++. Then in the network a end to end delay and packet loss with increasing traffic is measured.

Internet of Things in Surface Mount TechnologyElectronics Assembly / Sakernas Internet inom Ytmontering av Elektronik

Sylvan, Andreas

January 2017

Currently manufacturers in the European Surface Mount Technology (SMT) industry seeproduction changeover, machine downtime and process optimization as their biggestchallenges. They also see a need for collecting data and sharing information betweenmachines, people and systems involved in the manufacturing process. Internet of Things (IoT)technology provides an opportunity to make this happen. This research project gives answers tothe question of what the potentials and challenges of IoT implementation are in European SMTmanufacturing. First, key IoT concepts are introduced. Then, through interviews with expertsworking in SMT manufacturing, the current standpoint of the SMT industry is defined. The studypinpoints obstacles in SMT IoT implementation and proposes a solution. Firstly, local datacollection and sharing needs to be achieved through the use of standardized IoT protocols andAPIs. Secondly, because SMT manufacturers do not trust that sensitive data will remain securein the Cloud, a separation of proprietary data and statistical data is needed in order take a stepfurther and collect Big Data in a Cloud service. This will allow for new services to be offered byequipment manufacturers. / I dagsläget upplever tillverkare inom den europeiska ytmonteringsindustrin för elektronikproduktionsomställningar, nedtid för maskiner och processoptimering som sina störstautmaningar. De ser även ett behov av att samla data och dela information mellan maskiner,människor och system som som är delaktiga i tillverkningsprocessen.Sakernas internet, även kallat Internet of Things (IoT), erbjuder teknik som kan göra dettamöjligt. Det här forskningsprojektet besvarar frågan om vilken potential som finns samt vilkautmaningar en implementation av sakernas internet inom europeisk ytmonteringstillverkning avelektronik innebär. Till att börja med introduceras nyckelkoncept inom sakernas internet. Sedandefinieras utgångsläget i elektroniktillverkningsindustrin genom intervjuer med experter.Studien belyser de hinder som ligger i vägen för implementation och föreslår en lösning. Dettainnebär först och främst att datainsamling och delning av data måste uppnås genomanvändning av standardiserade protokoll för sakernas internet ochapplikationsprogrammeringsgränssnitt (APIer). På grund av att elektroniktillverkare inte litar påatt känslig data förblir säker i molnet måste proprietär data separeras från statistisk data. Dettaför att möjliggöra nästa steg som är insamling av så kallad Big Data i en molntjänst. Dettamöjliggör i sin tur för tillverkaren av produktionsmaskiner att erbjuda nya tjänster.

Internet of Things

Cyber Physical Systems

Smart Factory

Operational Technology

Surface Mount Technology

IoT

IIoT

M2M

Cloud

Big Data

Fog computing

Edge computing

SMT

SMD

Electronics

Industrial Internet

Industrie 4.0

CPS

Sakernas internet

industriell IoT

Smart Fabrik

Elektronikproduktion

Engineering and Technology

Teknik och teknologier

Robotics

Robotteknik och automation

Communication Systems

Kommunikationssystem

Computer Systems

Datorsystem