NORMA eResearch @NCI Library

An Effective Cybersecurity Risk Assessment Framework for a Public Sector Gas Production/Distribution Company

Hussain, Meraz (2023) An Effective Cybersecurity Risk Assessment Framework for a Public Sector Gas Production/Distribution Company. Masters thesis, Dublin, National College of Ireland.

[thumbnail of Master of Science]
Preview
PDF (Master of Science)
Download (1MB) | Preview
[thumbnail of Configuration manual]
Preview
PDF (Configuration manual)
Download (2MB) | Preview

Abstract

Computer systems developed specifically for use in critical infrastructure sectors (energy, water, etc. fall under the umbrella term "operational technology" (OT). The field of operational technology that deals with systems for keeping tabs on and regulating factories inner workings is known as "Industrial Control System" (ICS). These systems are the foundation of every nation's critical infrastructure (CNI) such as the gas, water, electricity, transportation. However, in recent years, a significant number of cyberattacks have been directed against Industrial Control Systems (ICS) because Information technology (IT) and operational technology (OT) areas are gradually becoming more intertwined.

This research presents a novel approach to define, implement and test a cyber security risk assessment methodology for a public sector natural gas producer and distributor with complex control system environments by leveraging the international cybersecurity standards and consequently measure as well as recommend remediation for threats and vulnerabilities to its OT infrastructure. The use of multiple cybersecurity frameworks aids to assess the risks, measure the recommendations and efficiently reduce risks. This research developed a realistic Risk Assessment approach to analyze a critical infrastructure energy sector organization's critical assets and cyber maturity. The organization was able to use this methodology to assess its existing cyber controls and plan cybersecurity program improvements. The result of the methodology shows the gap in the maturity of the current organization per NIST CSF Tiers with that of target state organization’s stakeholders aim to reach which was level 3 (Repeatable).

Item Type: Thesis (Masters)
Supervisors:
Name
Email
Sahni, Vikas
UNSPECIFIED
Uncontrolled Keywords: Industrial control systems (ICS); Operational Technology (OT); Critical Network Infrastructure (CNI); Distributed control systems (DCS); IT-OT Convergence
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
H Social Sciences > HD Industries. Land use. Labor > Specific Industries > Energy industries
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Tamara Malone
Date Deposited: 28 Apr 2023 14:59
Last Modified: 28 Apr 2023 14:59
URI: https://norma.ncirl.ie/id/eprint/6520

Actions (login required)

View Item View Item