Master’s Project Proposal

Evaluation of tools and standards for Risk Assessment in
the areas of Industrial Automation and Control System
Summary: Security risk assessment is the process of identifying risks to
operations, assets, or individuals by determining the probability of occurrence,
the resulting impact, and the additional security controls that would mitigate this
impact. Taking into consideration the different security requirements of Industrial
Automation and Control Systems (IACS), the goal of this Master's project is to
conduct a detailed evaluation of risk assessment standards, methodologies and
tools in the area of IACS.
Internal Supervisor: Prof. Audun Jøsang, IFI
Industry Supervisors: Dr. Mushfiq Chowdhury, ABB Research Norway
Dr. Judith Rossebø, ABB Research Norway
Duration of study: 6 months (approximately)
Special Requirements: Under NDA (only if found necessary)
Interested candidates are welcome to contact ABB at: education@no.abb.com,
or Prof. Jøsang at IFI: josang@ifi.uio.no
Background and Motivation
Security goals (Confidentiality, Integrity and Availability) are prioritized differently in
Industrial Automation and Control Systems (IACS). In a conventional IT system,
protection of data confidentiality and integrity are the primary concerns. In
IACS, by contrast, availability and integrity take priority. For an IACS, the primary
concerns are fault tolerance to prevent loss of life or endangerment of public health
or confidence, regulatory compliance, loss of intellectual property, and lost or
damaged products.
The security threat landscape for IACS is continuously evolving as today's IACS is
moving from stand-alone, isolated networks towards connected networks. The
adoption of open and common standards and protocols in IACS, instead of
proprietary protocols, has further increased the security threats. Because of their
long lifetimes, legacy devices must be ready to meet these challenges. These
different security requirements and constraints demand that traditional risk
assessment methodologies be investigated before they are applied in the area of
IACS. In this context, relevant international standardization bodies have proposed
specific standards to deal with the special requirements of IACS.
Tentative Work Plan
This Master's project focuses on the evaluation of tools and methodologies in the
area of risk assessment, with the aim of determining whether the
tools, standards and methodologies are suitable for use in the area of IACS. The thesis
will also reach conclusions on the applicability of the selected methodologies
based on evaluation criteria. If such criteria already exist, they need to be verified
and, where necessary, new criteria should be added. Additionally, the student is
expected to propose modifications to an existing methodology so that it is even
more applicable to IACS.
The Master's student will first conduct a state-of-the-art investigation to get an
overview of relevant risk assessment methodologies and tools. Based on a set of
evaluation criteria, a number of methodologies and tools will be selected for further
evaluation and analysis. The state-of-the-art investigation should include
methodologies and best practices developed by the research/academic community,
relevant international standards focusing on IACS (e.g. ISA99/IEC 62443), as well as
generic information security risk assessment or management standards (e.g. the ISO
27000 series). In addition to international standards, the thesis will evaluate
relevant information security guidelines and best practices proposed by
organizations such as NIST, ENISA and CERTs (e.g. ICS-CERT). Regional standards
such as the Norwegian Oil and Gas guidelines (formerly OLF) should also be studied.
The Master's project will identify the most relevant risk assessment tools and will
investigate the available open source tools thoroughly. Some of these tools may
contain software components to assess risks. While performing the detailed
evaluation, this work will shed light on how to use these tools and will conduct a
strength and weakness analysis. While evaluating risk assessment methodologies
and tools, the student may propose extensions or modifications to selected ones in
order to make them more suitable for IACS.
The key expected outcomes of the project are as follows:
- Identification of evaluation criteria for risk assessment methodologies and tools
- Evaluation of methodologies and tools based on investigation and hands-on usage of
these tools
- If enhancements to existing methodologies or tools are required, proposed
extensions or modifications to these methodologies and tools
Tentative work plan (the approximate months may change, of course):
M0-M1:
- Study of IACS, risk assessment, standards bodies and relevant IACS organizations
- Identification of tools and methodologies and state-of-the-art analysis
M1-M4:
- Identification of evaluation criteria
- Evaluation and hands-on testing of tools and methodologies for IACS
M3-M5:
- Strength and weakness analysis of the tools and methodologies
- Gap analysis and proposed updates to the tools or methodologies
M5-M6:
- Finalizing and writing up the Master's thesis