V.V. Yermoshyn, G.O. Karasiuk, S.F. Honchar
Èlektron. model. 2021, 44(1):93-106
https://doi.org/10.15407/emodel.44.01.093
ABSTRACT
It is shown that effective cybersecurity risk management in operational technology environments requires recognizing some key differences in risk profile, strategic approach, technology, approaches to vulnerabilities and updates, and required skills. It is shown that planning and strategy should be carried out in constant cooperation with all relevant stakeholders, including operational engineers who have specialized experience in keeping operational technology equipment running and in maintaining complex relationships with suppliers of automated process control systems. The main risks for industrial companies and critical infrastructure facilities are analyzed. Approaches to the analysis of cyber risks by the bowtie method are given. It is noted that industrial companies seeking to automate their work to improve efficiency face problems with the equipment of their technological networks: low security of the outer network perimeter accessible from the Internet, low protection against penetration into the technological network, shortcomings in device configuration, network segmentation and traffic filtering, dictionary passwords, and use of outdated software versions.
KEYWORDS
cyber risks, cyber-attacks, technology, infrastructure, security.