Human Factor, Cyber Hygiene, Cyber-Physical Systems, and Industrial Control Systems in the Context of Cybersecurity
Tuomala, Vesa (2023)
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2023052313040
https://urn.fi/URN:NBN:fi:amk-2023052313040
Tiivistelmä
The purpose of this study was to examine cybersecurity in critical infrastructure, human factors, and cyber hygiene in Cyber-Physical Systems (CPS) and Industrial Control Systems (ICS).
The human factor is widely accepted as a contributor to more than 80% of accidents. Human factors and cyber hygiene are the keys to risk reduction in these safety-critical systems. This study provides deeper knowledge to understand operational technology in critical infrastructure systems and how to prevent and mitigate cyber-attacks against these systems.
The hypothesis of this study is that the rate of cyber-attack risk will continue to increase and as such, there is a need to raise awareness for the prevention and mitigation of incidents for the production stakeholders.
Accordingly, the research question (RQ1) is: To what extent can the risk of CPS and ICS cybersecurity incidents be mitigated?
The sub questions are: (RQ2) What are the best practices to mitigate cyber-attacks? and (RQ3) What type of cyber-exercises could be provided to CPS/ICS personnel, and could those be used both at sea and onshore?
The study used qualitative research methodology of new and relevant information from papers and articles written by human factor, cybersecurity, and operational technology experts. Accordingly, the research method was a literature review. The study concentrates on the human factors and cyber hygiene governing cybersecurity, as well as information about the term Industry 4.0, CPS, and ICS and their cybersecurity. The research also focuses on how to prevent and mitigate cyber-attacks. This study is a follow-up to earlier desk studies that aim to broaden the knowledge of cybersecurity and IoT issues in the SME industry.
The results of the study part outline securing operational and information technology and the findings of the best practices for the protection of CPSs. The study concludes with a recommendation for further research on the practical level of exercises in Finnish SME corporates.
The human factor is widely accepted as a contributor to more than 80% of accidents. Human factors and cyber hygiene are the keys to risk reduction in these safety-critical systems. This study provides deeper knowledge to understand operational technology in critical infrastructure systems and how to prevent and mitigate cyber-attacks against these systems.
The hypothesis of this study is that the rate of cyber-attack risk will continue to increase and as such, there is a need to raise awareness for the prevention and mitigation of incidents for the production stakeholders.
Accordingly, the research question (RQ1) is: To what extent can the risk of CPS and ICS cybersecurity incidents be mitigated?
The sub questions are: (RQ2) What are the best practices to mitigate cyber-attacks? and (RQ3) What type of cyber-exercises could be provided to CPS/ICS personnel, and could those be used both at sea and onshore?
The study used qualitative research methodology of new and relevant information from papers and articles written by human factor, cybersecurity, and operational technology experts. Accordingly, the research method was a literature review. The study concentrates on the human factors and cyber hygiene governing cybersecurity, as well as information about the term Industry 4.0, CPS, and ICS and their cybersecurity. The research also focuses on how to prevent and mitigate cyber-attacks. This study is a follow-up to earlier desk studies that aim to broaden the knowledge of cybersecurity and IoT issues in the SME industry.
The results of the study part outline securing operational and information technology and the findings of the best practices for the protection of CPSs. The study concludes with a recommendation for further research on the practical level of exercises in Finnish SME corporates.