Education at Lviv Polytechnic

Analysis of information security threats in automated industrial control systems

Students Name: Blyzniuk Andrian Myroslavovych

Qualification Level: magister

Speciality: Computer Control Systems for Moving Objects (Automobile Transport)

Institute: Institute of Computer Technologies, Automation and Metrology

Mode of Study: full

Academic Year: 2021-2022 н.р.

Language of Defence: ukrainian

Abstract: Relevance of the work. Industrial management systems are important for production. Violation of these processes can and often does have direct financial and brand impact, in addition to potential safety and non-compliance implications. In Ukraine, recent experience has shown that the problem situation is quite real. Many companies do not work at all to protect their management systems from today’s serious cyber threats. Experts advise at least to use the same safety manual ASK TP, created by the American NIST. Cybersecurity experts have described in detail the key principles and recommendations on how to determine the risks of grading physical damage to systems, how to build protection programs and more. Violation of the security of ASC TP threatens much more serious consequences than the need to "just restore" the performance of computers. Cybersecurity is not a product, but a process. That is, you can not just take and "buy" cybersecurity. This requires not only software, but also constant monitoring of all processes in production, as well as regular risk analysis. And of course, the effectiveness of protection depends not only on iron, but also on people, their literacy and the level of proper organization of work. Among the recent positive developments are the decision of the National Security and Defense Council to protect critical infrastructure and the fact that after the attack of the Petya virus, almost all state-owned enterprises have created cyber defense units. The situation in the authorities is not so rosy yet. One of the most critical issues is the monitoring of software vulnerabilities, both underlying ASC TP and related operating systems or databases. The purpose of the study of this master’s thesis is to analyze the existing automated control systems and models of threats to their security. Analyze international cyber attacks, as well as in Ukraine. Offer safe solutions for industrial systems. The object of research is - industrial control systems. The subject of research is cybersecurity of industrial control systems 8 Novelty of the obtained results. Based on the developed model of information security threats to automated process control systems and analysis of cyber attacks on enterprises, recommendations are given on how to implement information security protection at industrial facilities. In this master’s qualification work the general characteristics of automated industrial control systems and the model of threats to the security of their information are considered. A review of modern industrial production systems and an analysis of cyber attacks in the world and in Ukraine in particular. Known types of vulnerabilities, cyber attacks and malware are presented, and the model of counteracting them is considered. The paper focuses on the analysis of security threats to industrial control systems and proposes safe solutions for industrial systems. It has become clear that the implementation of IoT technology from the outset should provide security, integrate with functionality, and not be considered secondary. Key words: industrial control system, automated process control system, cybersecurity, intrusion detection system (IDS), cyber attack. List of sources used 1. Linda O, Vollmer T, Manic M. Neural network based intrusion detection system for critical infrastructures. Proceedings of the 2009 International Joint Conference on Neural Networks, IJCNN’09. Piscataway, NJ, USA: IEEE Press; 2009. p. 102–9. ISBN 978-1-4244-3549-4, http: // dl: acm: org / citation: cfm? Id = 1704175: 1704190. 2. Kiss I, Genge B, Haller P. A clustering-based approach to detect cyber attacks in process control systems. 2015 IEEE 13th International Conference on Industrial Informatics (INDIN) 2015: 142–8. http://dx.doi.org/10.1109/ INDIN.2015. 7281725. ISSN 1935-4576. 3 .. Caselli M, Zambon E, Kargl F. Sequence-aware intrusion detection in industrial control systems. Proceedings of the 1st ACM workshop on cyber- 9 physical system security, CPSS ‘15. New York, NY, USA: ACM; 2015. p. 13–24. http://dx.doi.org/ 10.1145 / 2732198.2732200. ISBN 978-1-4503-3448-8. 4 .. Premaratne UK, Samarabandu J, Sidhu TS, Beresh R, Tan JC. An intrusion detection system for IEC61850 automated substations. IEEE Trans Power Deliv 2010; 25 (4): 2376–83. http://dx.doi.org/10.1109/TPWRD.2010.2050076. ISSN 0885-8977