Theses and Dissertations Collection

Cyber Security has been given a high priority for operational technology systems in recent years after specific cyber-incidents targeting them. Previously, these systems were primarily concerned with reliability; however, cyber security is now viewed as a critical aspect in avoiding production damage and financial losses. According to certain studies, replacing traditional networks in OT systems with software-defined networks (SDN) minimizes cyber-attacks due to the features provided by these networks. SDN networks have various advantages over traditional networks, due to the separation of the data plane and control plane. The concern is whether SDN networks are more dependable than existing traditional networks, and whether we can take advantage of all of SDN's characteristics when connecting with OT systems. Furthermore, deploying cyber security on a network infrastructure necessitates the creation and implementation of security policies that define the authorized communication between network devices. There is, however, a distinction to be made between security policies and the technologies that implement them. There is also often a distinction between intended policy and deployed or configured policy. Therefore there is a need to confirm compliance between policy and reality in a network. This is especially true in operational technology systems where there is a lot of network infrastructure and special purpose devices which can not be scanned or analyzed using traditional cyber security tools.

To address the cyber security issues in operational technology systems, this dissertation reviews cyber-incidents reported on them and summarizes possible attacks on each of their sub-systems to gain broader insight into vulnerabilities present in them and uses the common vulnerability exposure database to enumerate trends. Then, a process is formally developed and evaluated through a proof of concept tool to detect the security policy implemented in the control rules of an SDN switch deployed in an industrial control system network. These rules were analyzed to determine if this security policy is compliant with the organization's high-level policies.