1 |
Towards successful technology introductions : executive summaryTurner, Suzanne N. January 1998 (has links)
No description available.
|
2 |
An exploration of the need of OT governance and the adaption of IT governance frameworks to fulfil this requirementDe Villiers, Peter 04 1900 (has links)
Thesis (MBA)--Stellenbosch University, 2015. / ENGLISH ABSTRACT: Corporate governance codes such as King III are focussing on IT governance due to the strategic nature of IT systems and the impact security breaches or failure of IT systems can have on a company’s sustainability. The convergence of Operational Technology (OT) and IT brings about both risks and opportunities for OT systems, while further entrenching their strategic nature within organisations. These systems are therefore key to the sustainability of an organisation and this necessitates the extension of sound governance not only to IT but also to OT.
In many organisations, due to the previously closed or proprietary nature of OT systems, no governance controls or frameworks have traditionally been needed or put in place for OT systems. The aim of this research was to explore whether the lack of OT governance controls or framework within OT reliant organisations could be addressed by adapting and implementing leading IT governance models for OT systems due to the convergence between traditional IT and OT.
The research methodology employed was a literature review followed by the selection and adaptation of a leading IT governance framework for OT governance. Additional data regarding OT incidents was gathered from the author’s own organisation and documented as mini case studies to determine if OT governance could have mitigated or minimised the impact of the documented OT incidents.
The research showed that IT and OT are converging on two fronts, firstly due to integration between IT and OT and secondly due to the sharing of common technologies at a hardware, software and network layer. The research also indicated that the security risks facing IT continue to grow in number and sophistication. By extension, due to the technology convergence, these risks are now extending to OT systems, adding to the risks already facing OT systems.
Leading corporate governance codes are espousing holistic governance to ensure the sustainability of an enterprise. Certain codes such as King III from South Africa have specifically called out IT governance as a key element of a holistic governance practice.
Due to the convergence between IT and OT as well as the increasing risk, the lack of governance in OT can have a material impact on the sustainability of an OT reliant enterprise, necessitating the extending of governance to cover not only IT but OT as well.
The research showed that a leading IT governance framework such as COBIT 5 can be applied to OT with little or no adaptation firstly due to the closeness between IT and OT brought about by the convergence between IT and OT, and secondly due to the way that COBIT 5 has been developed to serve as an overarching governance framework that can be adapted and applied by Enterprises to suit their unique requirements, one of which could be OT governance.
|
3 |
Exploring Industry Cybersecurity Strategy in Protecting Critical InfrastructureBoutwell, Mark 01 January 2019 (has links)
Successful attacks on critical infrastructure have increased in occurrence and sophistication. Many cybersecurity strategies incorporate conventional best practices but often do not consider organizational circumstances and nonstandard critical infrastructure protection needs. The purpose of this qualitative multiple case study was to explore cybersecurity strategies used by information technology (IT) managers and compliance officers to mitigate cyber threats to critical infrastructure. The population for this study comprised IT managers and compliance officers of 4 case organizations in the Pacific Northwest United States. The routine activity theory developed by criminologist Cohen and Felson in 1979 was used as the conceptual framework. Data collection consisted of interviews with 2 IT managers, 3 compliance officers, and 25 documents related to cybersecurity and associated policy governance. A software tool was used in a thematic analysis approach against the data collected from the interviews and documentation. Data triangulation revealed 4 major themes: a robust workforce training program is crucial, make infrastructure resiliency a priority, importance of security awareness, and importance of organizational leadership support and investment. This study revealed key strategies that may help improve cybersecurity strategies used by IT and compliance professionals, which can mitigate successful attacks against critical infrastructure. The study findings will contribute to positive social change through an exploration and contextual analysis of cybersecurity strategy with situational awareness of IT practices to enhance cyber threat mitigation and inform business processes.
|
4 |
Operational technology definition and differentiation : In the context of operational systems in SwedenNyqvist, Jennifer January 2020 (has links)
ICS, short for Industrial Control Systems, can be a part of the electrical and water supplies among others, which are important instances for society. This all resides in the realm of Operational technology, abbreviation OT. Due to technological development, Information Technology i.e. IT is introduced and merged into the realm of industrial systems, because of society’s increasing dependencies on digital infrastructures and services.ICS and Supervisory Control and Data Acquisition (SCADA) systems are rather well known and reputable. In the realm of OT, there’s a range of different systems, and ICS itself encompasses a range of process automation technologies, such as SCADA systems and Distributed Control Systems (DCS) among others.This paper aims to try to define and differentiate a distinct boundary of systems without any connection to IT and can be considered purely OT, if they exist at all. This by conducting an interview with people working for governmental agencies with an eminent amount of experience in the realm of OT. What kind of systems are currently in operation today that don’t fit into the realm of ICS, do they exist at all and how do they work?The definition and differentiation of OT may indicate a subset of systems and components, and terminologies of systems in the OT-realm are misused, indicating a lack of insight in this realm of industrial systems.
|
5 |
Applying information security to the operational technology environment and the challenges it bringsHolmström, Anton January 2021 (has links)
Information security risks in the operational technology (OT) environment is becoming legitimate challenges for businesses pursing an industrial digitalisation. IT and OT di˙erences reach across managerial, technical and operational aspects, creating unique challenges in developing a suÿcient security posture. The goal of the study is to gain an understanding of the challenges businesses face when applying information security in the operational technology environment in the context of an increased connectivity to the IT environment. In order to understand how information security is adapted to an OT environment, semi-structured interviews was conducted with respondents working with information security in process and production industries. These findings suggest that businesses tends to view the interconnection of IT and OT as two separate environments rather than one shared, which is causing managerial challenges when adapting an information security strategy to cover both the IT and the OT aspect of an organisation.
|
6 |
Covert Cognizance: Embedded Intelligence for Industrial SystemsArvind Sundaram (13883201) 07 October 2022 (has links)
<p>Can a critical industrial system, such as a nuclear reactor, be made self-aware and cognizant of its operational history? Can it alert authorities covertly to malicious intrusion without exposing its defense mechanisms? What if the intruders are highly knowledgeable adversaries, or even insiders that may have designed the system? This thesis addresses these research questions through a novel physical process defense called Covert Cognizance (C2). </p>
<p>C2 serves as a last line of defense to industrial systems when existing information and operational technology defenses have been breached by advanced persistent threat (APT) actors or insiders. It is an active form of defense that may be embedded in an existing system to induce intelligence, i.e., self-awareness, and make various subsystems aware of each other. It interacts with the system at the process level and provides an additional layer of security to the process data therein without the need of a human in the loop. </p>
<p>The C2 paradigm is founded on two core requirements – zero-impact and zero-observability. Departing from contemporary active defenses, zero-impact requires a successful implementationto leave no footprint on the system ensuring identical operation while zero-observability requires that the embedding is immune to pattern-discovery algorithms. In other words, a third-party such as a malicious intruder must be unable to detect the presence of the C2 defense based on observation of the process data, even when augmented by machine learning tools that are adept at pattern discovery. </p>
<p>In the present work, nuclear reactor simulations are embedded with the C2 defense to induce awareness across subsystems and defend them against highly knowledgeable adversaries that have bypassed existing safeguards such as model-based defenses. Specifically, the subsystems are made aware of each other by embedding critical information from the process variables of one sub-module along the noise of the process variables of another, thus rendering the implementation covert and immune to pattern discovery. The implementation is validated using generative adversarial nets, representing a state-of-the-art machine learning tool, and statistical analysis of the reactor states, control inputs, outputs etc. The work is also extended to data masking applications via the deceptive infusion of data (DIOD) paradigm. Future work focuses on the development of automated C2 modules for “plug ‘n’ play” deployment onto critical infrastructure and/or their digital twins.</p>
|
7 |
Simulace komunikační části moderních průmyslových sítí / Simulation of communication part of modern industrial networksBeneš, Pavel January 2020 (has links)
The thesis is focused on simulating of protocols from standard IEC 61850 in simulation tool OMNeT++. The theoretical part in the thesis deals with description of the field of operating technologies, supervisory control and data acquisition and protocols Tase-2/ICCP, IEC 61850, IEC 60870-5-104, DNP 3 and DLMS/COSEM. Next part deals with parameters influencing connection and description of simulation tools NS2/NS3, OPNET and OMNeT++. In the practical part there is created a network containing protocols from the standard IEC 61850 in the simulation program OMNeT++. Then in the network a end to end delay and packet loss with increasing traffic is measured.
|
8 |
Internet of Things in Surface Mount TechnologyElectronics Assembly / Sakernas Internet inom Ytmontering av ElektronikSylvan, Andreas January 2017 (has links)
Currently manufacturers in the European Surface Mount Technology (SMT) industry seeproduction changeover, machine downtime and process optimization as their biggestchallenges. They also see a need for collecting data and sharing information betweenmachines, people and systems involved in the manufacturing process. Internet of Things (IoT)technology provides an opportunity to make this happen. This research project gives answers tothe question of what the potentials and challenges of IoT implementation are in European SMTmanufacturing. First, key IoT concepts are introduced. Then, through interviews with expertsworking in SMT manufacturing, the current standpoint of the SMT industry is defined. The studypinpoints obstacles in SMT IoT implementation and proposes a solution. Firstly, local datacollection and sharing needs to be achieved through the use of standardized IoT protocols andAPIs. Secondly, because SMT manufacturers do not trust that sensitive data will remain securein the Cloud, a separation of proprietary data and statistical data is needed in order take a stepfurther and collect Big Data in a Cloud service. This will allow for new services to be offered byequipment manufacturers. / I dagsläget upplever tillverkare inom den europeiska ytmonteringsindustrin för elektronikproduktionsomställningar, nedtid för maskiner och processoptimering som sina störstautmaningar. De ser även ett behov av att samla data och dela information mellan maskiner,människor och system som som är delaktiga i tillverkningsprocessen.Sakernas internet, även kallat Internet of Things (IoT), erbjuder teknik som kan göra dettamöjligt. Det här forskningsprojektet besvarar frågan om vilken potential som finns samt vilkautmaningar en implementation av sakernas internet inom europeisk ytmonteringstillverkning avelektronik innebär. Till att börja med introduceras nyckelkoncept inom sakernas internet. Sedandefinieras utgångsläget i elektroniktillverkningsindustrin genom intervjuer med experter.Studien belyser de hinder som ligger i vägen för implementation och föreslår en lösning. Dettainnebär först och främst att datainsamling och delning av data måste uppnås genomanvändning av standardiserade protokoll för sakernas internet ochapplikationsprogrammeringsgränssnitt (APIer). På grund av att elektroniktillverkare inte litar påatt känslig data förblir säker i molnet måste proprietär data separeras från statistisk data. Dettaför att möjliggöra nästa steg som är insamling av så kallad Big Data i en molntjänst. Dettamöjliggör i sin tur för tillverkaren av produktionsmaskiner att erbjuda nya tjänster.
|
Page generated in 0.1073 seconds