1 |
Mapping out dependencies in network components in critical infrastructureAndersson, Karl January 2018 (has links)
Companies that operate with critical infrastructure face a growing threat from cyber-attacks while at the same time the development in the business is rapidly moving towards a higher level of digitalization. A common type of system in critical infrastructure is supervisory control and data acquisition systems, these systems have properties that can affect their security and will therefore serve as the basis for this thesis work. To stay protected despite systems changes, companies need to make risk assessments in order to analyze how changes will affect the overall system. One thing that is important to focus on is dependencies within the system, this means that not only interaction among computers and networks are concerned but instead a more holistic view of the system need to be considered. This thesis aims to aid the process of a future risk assessment by providing a methodology to be used as a preparatory step before a risk assessment by describing the current situation of the system. This is done by evaluating two system modeling approaches, and also by proposing a number of perspectives that each provides different kind of information about the system’s dependencies. These perspectives are then evaluated by creating system models and dependency graphs, and discussing the outcomes with experts in a utility company to find out their applicability. According to the experts, the proposed perspectives have promising properties that can be useful in future risk assessments as well as in other scenarios. Moreover, the evaluated modeling approaches got positive comments during evaluation and are considered to serve their purpose.
|
Page generated in 0.0925 seconds