Safe security scanning of a production state automation system
Pulkkinen, Henri (2023)
Automaatiotekniikan DI-ohjelma - Master's Programme in Automation Engineering
Tekniikan ja luonnontieteiden tiedekunta - Faculty of Engineering and Natural Sciences
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Date of approval
2023-01-31
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:tuni-202301021027
Abstract
The number of cybersecurity threats against industrial automation systems, OT and ICS environments, as well as critical infrastructure, is growing at a rapid pace. Cyberattacks against such systems might cause significant economic, physical, or reputational damage to the target organization. Due to the seemingly never-ending dangers these systems face, detection methods and tools against such threats are also continuously developed.
The purpose of this thesis is to study the current possibilities regarding security scanning of production state automation systems, such as industrial systems and critical infrastructure. The common scanning methods can be divided into active scanning and passive detection. Because each method has its own issues, the best practice has conventionally been to use them both side by side, but more innovative practices have also been proposed and tested.
As a theoretical background for the study, it is relevant to define the pros and cons of the so-called conventional solutions and the most common tools. It is also important to study the basic characteristics of the automation systems being scanned, and the effects the studied security scanning solutions have on the systems. After the preliminary study, existing commercial products, such as Tenable Active Querying and Nozomi Smart Polling, as well as emerging technologies and proposed solutions, such as delay-based scanning and UDP-based scans, are studied and analysed in appropriate depth to determine possible improvements for the commonly used methods in the area.
The thesis finally presents a proposal for optimal utilization of current and emerging technologies and solutions regarding security scanning of production state automation systems, based on the capabilities of current commercial products, as well as prior studies and the most recent developments in the area.