Novel Approaches to Standard Based Cybersecurity Risk Management in OT Environment

CAVIGLIA, ROBERTO
2025

Abstract

The rapid integration of Information Technologies (IT) with Operational Technology (OT) in industrial environments has significantly increased cybersecurity risks for critical infrastructure. This thesis addresses these challenges by developing a cybersecurity risk management framework specifically for OT systems. Based on standards such as International Society of Automation (ISA)99/International Electrotechnical Commission (IEC) 62443 and National Institute of Standards and Technology (NIST), the research addresses gaps in current practice and aims to strengthen OT resilience through a focused approach to risk management. The thesis begins with an analysis of the OT cybersecurity landscape, highlighting key differences between IT and OT environments. It then reviews relevant cybersecurity standards and compares them to identify best practices for OT. The primary contribution is a cybersecurity risk assessment framework that aligns with these industry standards while addressing OT-specific vulnerabilities. The framework includes targeted strategies for conducting a vulnerability assessment of the proprietary wireless communication protocols used in OT. To monitor cyber risks, the thesis presents and evaluates a customised anomaly detection system, Anomaly Detection System for OT (ADS-OT), designed to take into account the unique characteristics of OT processes. It also presents AIrFIELD, a solution tailored for monitoring OT protocols such as Serial Fieldbus, which covers all layers of OT networks. Together, these systems enable real-time monitoring and early threat detection, essential for rapid incident response in OT environments, and highlight the dynamics of the process being monitored. The research also highlights the importance of cybersecurity training and awareness for OT cybersecurity personnel, emphasising that human expertise is crucial for effective defence. Additionally, it proposes a solution for the automotive sector.
In conclusion, the proposed cybersecurity risk management framework, validated through experimentation, provides a structured approach to managing OT cybersecurity risks, helping OT environments align with established standards and significantly improve their resilience to emerging cyber threats.
26-Mar-2025
English
MARCHESE, MARIO
VALLE, MAURIZIO
Università degli studi di Genova
Files in this item:
File Size Format
phdunige_4214849.pdf

open access

Size 12.62 MB
Format Adobe PDF

Documents in UNITESI are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14242/200922
The NBN code of this thesis is URN:NBN:IT:UNIGE-200922