An information security governance model for industrial control systems

- Webster, Zynn

Title
An information security governance model for industrial control systems
Creator
Webster, Zynn
Subject
Computer networks -- Security measures
Subject
Data protection Computer security Business enterprises -- Computer networks -- Security measures
Date Issued
2018
Date
2018
Type
Thesis
Type
Masters
Type
MIT
Identifier
http://hdl.handle.net/10948/36383
Identifier
vital:33934
Description
Industrial Control Systems (ICS) is a term used to describe several types of control systems, including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS) and Programmable Logic Controllers (PLC). These systems consist of a combination of control components (e.g. electrical, mechanical, pneumatic) which act together to achieve an industrial objective (e.g., manufacturing, transportation of matter or energy). ICS play a fundamental role in critical infrastructures such as electricity grids, oil, gas and manufacturing industries. Initially ICS had little resemblance to typical enterprise IT systems; they were isolated and running proprietary control protocols using specialized hardware and software. However, with initiatives such as Industry 4.0 and Industrial Internet of Things (IIoT), the nature of ICS has changed significantly. There is an ever-increasing use of commercial operating systems and standard protocols like TCP/IP and Ethernet. Consequently, modern ICS are more and more resembling conventional enterprise IT systems, and it is a well-known fact that these IT systems and networks are known to be vulnerable and that they require extensive management to ensure Confidentiality, Integrity, and Availability. Since ICS are now adopting conventional IT characteristics they are also accepting the associated risks. However, owing to the functional area of ICS, the consequences of these threats are much more severe than those of enterprise IT systems. The need to manage security for these systems with highly skilled IT personnel has become essential. Therefore, this research was focussed to identify which unique security controls for ICS and enterprise IT systems can be combined and/or tailored to provide the organization with a single set of comprehensive security controls. By doing an investigation on existing standards and best practices for both enterprise IT and ICS environments, this study has produced a single set of security controls and presented how the security controls can be integrated into an existing information security governance model which organizations can use as a basis for generating a security framework, used not only to secure their enterprise IT systems, but also including the security of their ICS.
Format
iv, 223 leaves
Format
pdf
Publisher
Nelson Mandela University
Publisher
Faculty of Faculty of Engineering, the Built Environment and Information Technology
Language
English
Rights
Nelson Mandela University
  • Hits: 1247
  • Visitors: 1338
  • Downloads: 176

Collections

NMU School of Information and Communication Technology
Thumbnail File Description Size Format
SOURCE1 Zynn Webster MTECH An Information Security Governance Model for Industrial Control Systems.pdf 4 MB Adobe Acrobat PDF
  • Disclaimer
  • Privacy
  • Copyright
  • Contact