| | SLO | ENG | Cookies and privacy

Bigger font | Smaller font

Show document

Title:Analiza informacijskih tveganj industrijskih kontrolnih sistemov v Termoelektrarni Šoštanj : magistrsko delo
Authors:Strmšek, Blanka (Author)
Bernik, Igor (Mentor) More about this mentor... New window
Files:.pdf MAG_Strmsek_Blanka_2014.pdf (2,58 MB)
MD5: F8750E060CDFDC19765FF2A1486C8888
 
Language:Slovenian
Work type:Master's thesis/paper (mb22)
Typology:2.09 - Master's Thesis
Organization:FVV - Faculty of Criminal Justice and Security
Abstract:Informacijska varnost industrijskih kontrolnih sistemov (IKS) je eno izmed manj poudarjenih varnostnih področij. Na eni strani se o njej pojavljajo številne nejasnosti, povezane z zagotavljanjem informacijske varnosti sistemov, in operativnih potreb na drugi. Te težijo k vedno večjemu povezovanju kontrolnih sistemov, tako znotraj, kot zunaj organizacije, kot na primer v Termoelektrarni Šoštanj (TEŠ). V TEŠ-u so z novimi informacijsko-komunikacijskimi tehnologijami (IKT) in povezovanjem le-teh, izboljšali ekonomičnost in zanesljivost obratovanja elektroenergetskih sistemov, ter s tem povečali kakovost pridobivanja električne energije. Poleg prednosti, povezovanja sistemov, pa so se tu začele pojavljati tudi slabosti. Nekoč izolirani sistemi, so tako danes postali vse bolj izpostavljeni zunanjim ciljno usmerjenim napadom. Ti trenutno predstavljajo največjo nevarnost za kontrolne sisteme ter posledično za kritično infrastrukturo in nacionalna gospodarstva. Potrebno se je zavedati, da je sisteme pred temi grožnjami skoraj nemogoče zaščititi. Kar lahko storimo je, da zmanjšamo stopnjo verjetnosti uresničitve teh groženj. Za zagotovitev ustrezne stopnje informacijske varnosti je potrebno celovito upravljanje, pri čemer je pomembno dobro oceniti trenuten položaj podjetja. Dobro oceno položaja pa je moč doseči s temeljitim varnostnim pregledom podjetja oziroma analizo informacijskih tveganj. Da bi TEŠ-u zagotovili večjo varnost sistemov, je bila tako izvedena analiza informacijskih tveganj, ki je temeljila na standardih za varnost industrijske avtomatizacije in najboljših praksah za zaščito IKS. Z analizo tveganja smo želeli opozoriti vodstvo in varnostne strokovnjake v TEŠ-u o stopnji varnosti in ranljivosti sistemov v notranjem omrežju z namenom, da bi ti namenili večjo pozornost obravnavanemu problemu, hkrati pa izboljšali stroškovno učinkovitost upravljanja varnosti kritičnih IKS. V magistrski nalogi so tako bile obravnavane grožnje, ranljivosti in vektorji napadov, ki pretijo najbolj kritičnemu delu kontrolnih sistemov v Termoelektrarni Šoštanj. Na podlagi ugotovljenega stanja so bili predlagani praktični ukrepi za odpravo pomanjkljivosti, ki bodo zmanjšali stopnjo tveganj.
Keywords:informacijska varnost, industrijski kontrolni sistemi, informacijska tveganja, varnostne grožnje, magistrska dela
Year of publishing:2014
Year of performance:2014
Place of performance:[Ljubljana
Publisher:B. Strmšek]
Number of pages:81 str.
Source:[Ljubljana
UDC:004.056(043.2)
COBISS_ID:2914794 New window
NUK URN:URN:SI:UM:DK:OVCR6TS7
Views:1109
Downloads:83
Metadata:XML RDF-CHPDL DC-XML DC-RDF
Categories:FVV
:
  
Average score:(0 votes)
Your score:Voting is allowed only for logged in users.
Share:AddThis
AddThis uses cookies that require your consent. Edit consent...

Hover the mouse pointer over a document title to show the abstract or click on the title to get all document metadata.

Secondary language

Language:English
Abstract:Industrial control systems (ICS) are one of the less secure areas. On one side, there are numerous uncertainties related with providing information security to information systems, and operational needs on the other. These tend to greater connectivity of control systems, both within and outside the organization as in Šoštanj Thermal Power Plant (TEŠ). TEŠ tried to improve economic efficiency and operational reliability, by upgrading information and communication technologies (ICT) and by connecting them into newer systems where improvement of performance was expected. Besides some advantages, a lot of newer disadvantages occurred. Once isolated systems are today increasingly exposed to external targeted attacks, which currently represent the greatest threat to control systems and consequently, to critical infrastructure and national economies. Protecting those systems, against these threats is nearly impossible to ensure. What we can do is to reduce the level of likelihood of these threats. In order to ensure an appropriate level of information security, it is necessary to provide comprehensive management, making it necessary to assess the current situation of the company. Good assessment of the situation could be obtained thorough security checks of the company or information risks analysis. In TEŠ information risk analyses, which were based on the standards for security of industrial automation systems and best practices for the protection ICS, were performed. By analyzing the risks of this assessment, we tried to warn executives and security experts in TEŠ on the safety and vulnerability of their systems in the internal network, in order to give greater attention to these problems addressed, while enhancing the cost-effectiveness information security management of critical ICS. This work discusses threats, vulnerabilities and attack vectors, posed the most critical part of the control systems TEŠ. Based on the identified condition were proposed practical measures to overcome the shortcomings that will reduce the risk level.


Comments

Leave comment

You have to log in to leave a comment.

Comments (0)
0 - 0 / 0
 
There are no comments!

Back
Logos of partners University of Maribor University of Ljubljana University of Primorska University of Nova Gorica