Abstract
Securing critical infrastructure from cyber threats has become increasingly important.
An example is the 2016 cyber attack on Ukraine’s electric grid, which caused a blackout.
Cyber attacks can cause safety impacts on civilian infrastructure, e.g. by cutting the
electricity to civilian hospitals which depend on a reliable supply of electricity. Industries
widely dependent on Operational Technology (OT) systems for daily operations include
the oil and gas industry, nuclear facilities, and electric power distribution. Therefore, providing
a security structure to ensure the safety of these industry actors’ OT assets and
operationality is of interest.
When cyber security breaches are capable of causing safety impacts, methods that address
both safety and cyber security need to be considered. This thesis has studied two
methods of joint safety and cyber-security risk assessment. The first of these methods
is Idaho National Laboratories’ (INLs) Consequence-driven Cyber-informed Engineering
(CCE), a relatively new method seeking to protect the most critical systems in a facility.
The second method is the Uncontrolled Flows of Information and Energy (UFoI-E) causality
method. This method seeks to identify possible deviations and implement barriers that
prevent these deviations from evolving into safety consequences. The two combined safety
and cybersecurity assessment methods have been applied to OT, and opportunities in using
these assessments during the entire system life-cycle have been explored. These risk
assessments can aid the stakeholders in better understanding the vulnerabilities and threats
their OT systems face, even beyond the initial design phase and into the operational phase.
The methods have been applied in an electrical grid system case study, mainly focusing
on an electric substation. The methods were subject to a mutual comparison. One proposal
for modification regards the implementation of a checklist tool for the CCE method to provide
a better framework for organising the documents needed to conduct the assessment.
A tool has been developed to address this issue, including a calculator that simplifies the
process of calculating the impact scores of critical events.
Several attributes and characteristics have been considered to thoroughly compare the
two methods. The comparisons and the case study results have provided grounds for suggestions
for modifications to be considered in future projects using these methods. The
thesis concludes by proposing a set of thoughts regarding future work on the subject.