Publication

Visualization of security in industrial control systems respecting IEC-62443

Bibliographic details
Abstract: The importance of visualizing security in industrial control systems respecting the IEC-62443 security standards has increased. This is due to the increase in cyber attacks, their complexity over time, and the security standards created to protect users from compromising them. Through an adequate visualization of security information, it is possible to manage and analyze information to make decisions for good management of systems' security. In this sense, this study's main objective was to describe a possible solution to assist in security management, having been developed in partnership with Siemens Technology, based in Germany. Thus, appropriate tools were used and evaluated to model the data and create visual elements to represent the industrial control system's components. Their security attributes were chosen to be in a dashboard. Kibana was used for three case studies, the last one being the most important for Siemens. The data were obtained through the security software test tool. These were organized and treated to be in a configuration that allowed them to be imported into Kibana and create a dashboard containing the information needed to make decisions and discover gaps in the system. Subsequently, the proposed solution was evaluated through a questionnaire applied to the specialists responsible for industrial control systems security to obtain suggestions that would improve its usefulness and security management assistance. From the results obtained, it was possible to observe the security representation using a visualization tool, demonstrate compliance with IEC-62443 security protocols, thus enabling a simplified security analysis of an industrial control system.
Main authors: Martins, Alexandre Gil de Sá
Subject: Industrial control systems; Visualization for security management; Visual data modeling and analysis; Security visualization; Security requirements; Security standards (IEC-62443 series)
Year: 2020
Country: Portugal
Document type: master's dissertation
Access type: open access
Associated institution: ISCTE
Language: English
Source: Repositório ISCTE