Unifying cybersecurity requirements in automation projects
Nopanen, Veikko (2023)
Automaatiotekniikan DI-ohjelma - Master's Programme in Automation Engineering
Tekniikan ja luonnontieteiden tiedekunta - Faculty of Engineering and Natural Sciences
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Date of approval
2023-03-01
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:tuni-202302232595
Abstract
Cybersecurity requirements for automation systems are set by many stakeholders during the project lifecycle. The increasing connectivity capabilities of these systems create a need for additional requirements that ensure protection from a wide range of cyber threats. The management of requirements has an important role when seeking conformity with multiple stakeholders but can be challenging due to differences between the cybersecurity frameworks.
This thesis reviews the cybersecurity publications in the industry, including the relevant sources of requirements and methods for comparing requirements. The purpose of the research is to formulate a method to reduce the number of requirements while satisfying the stakeholders’ requirements. This unifies the different structures between the requirement sources and reduces redundancy of similar requirements.
The proposed method is a five-step process, which is partially based on the systematic literature review done in this thesis. The method uses multiple sources of requirements as an input and outputs a reduced set of requirements. The process is verified during workshops with multiple cybersecurity specialists, where the results are evaluated for further application in automation projects. The results show that there is redundancy among the requirements coming from different sources, and they show which areas of the project can be improved to achieve a better cybersecurity state.