Validation of Sensor Data Integrity in OT Environments Through Multisource Data Sensors

Authors

  • Jussi Simola University of Jyväskylä https://orcid.org/0000-0002-8685-9494
  • Arttu Takala University of Jyväskylä
  • Riku Lehkonen University of Jyväskylä
  • Tapio Frantti University of Jyväskylä
  • Reijo Savola University of Jyväskylä

DOI:

https://doi.org/10.34190/eccws.23.1.2335

Keywords:

testbed environment, sensor integration, sensor data integrity, operational technology, cybersecurity

Abstract

This research paper focuses on detecting cyber threats from the OT environment by combining data from multiple sources. Monitoring cyber security or hybrid threats in an industrial OT environment is difficult due to different equipment, protocols, environments, personnel management and training, etc. However, the OT environment can also be observed with a multisource sensor system, which can be used to collect data. By combining IT and OT data, additional cyber threats can be found, especially concerning the integrity of OT command-and-control data. We deal with the key concepts and differences of the industrial operating environment, which create challenges compared to the traditional IT environment. This is important because the policies defined at the European level for the NIS2 regulation will affect all member countries, regardless of the national implementation schedule. The increased standards for OT environment cyber security implementation and development will also have an impact on personnel management and training to support the onboarding of the standards in practice. Critical infrastructure protection is important because, without the protection of critical infrastructure, vital functions cease to function. Hostile actors cause security challenges among Western actors. In this study, we examine whether it is possible to find threats concerning the OT command-and-control process. The increased data surface collected from the IT/OT environment improves the system's capability to detect malicious attacks against the OT system. With the help of test equipment, the goal is to demonstrate that it is possible to find threats by combining data from multiple sources. With the help of test equipment, we determine IT and OT capabilities, which we load with various attacks and anomalies. We produce added value compared to traditional monitoring method test cases by comparing data obtained from different sources.
The research paper shows the importance of detecting OT threats. By monitoring IT and OT environments and combining their data, we can find hidden threats. Only one test equipment configuration has been used in the study, but the results can be generalized and classified. The study also provides guidelines for how cyber threat detection capabilities should be developed.

Author Biographies

Jussi Simola, University of Jyväskylä

Jussi Simola is a postdoctoral researcher at the University of Jyväskylä, and his current research focuses on developing the cybersecurity governance model of operational technology for industry stakeholders. He has worked as a cybersecurity specialist at Laurea University of Applied Sciences and participated in developing a joint early warning system for the EU member countries.

Arttu Takala, University of Jyväskylä

Arttu Takala is a D.Sc. student who holds an MSc degree from the Faculty of Information Technology, University of Jyväskylä, as well as a BSc in Information Technology from Jyväskylä University of Applied Science. He is a certified IT teacher, competent to teach at all levels of education. At the University of Jyväskylä, Arttu has worked as a cybersecurity teacher/researcher since 2017 and is currently working as a project researcher. Previously, Arttu worked in software development at firms including Nokia and Tieto. His research interest is in technical cyber security.

Riku Lehkonen, University of Jyväskylä

Riku Lehkonen is currently serving as a Research Assistant at the University of Finland, working on the CSG project. He holds a Bachelor’s Degree in Information Technology and is in the process of completing his Master's Degree in Information Technology. He has a special interest and experience in internal network security-oriented detection, focusing on detecting backdoor and covert channel communication.

Tapio Frantti, University of Jyväskylä

Tapio Frantti holds the degrees of MSc, LicTech and Dr. Tech. from the Department of Automation and Information Technology, University of Oulu. He is also an Adjunct Professor at the University of Oulu. Currently, he works as a cybersecurity professor at the University of Jyväskylä. He also works at FRE company doing security, communication and control engineering consultation. He has been in the field for about 30 years and has published more than 100 scientific and technical papers in journals, magazines, books and international conferences. He has also authored several patents.

Reijo Savola, University of Jyväskylä

Mr. Reijo Savola is currently working as a Project Manager in cybersecurity at the University of Jyväskylä, Faculty of Information Technology, Finland. He has experience in cyber security systems engineering, risk analysis and risk-driven methods, software engineering, telecommunications, and digital signal processing. Earlier, he worked as Principal Scientist, cybersecurity at VTT Technical Research Centre of Finland. He received the degree of M.Sc. in Electrical Engineering from the University of Oulu, Finland, in 1992 and the degree of Licentiate of Technology in Computer Science from the Tampere University of Technology, Finland, in 1995. In addition to research experience, he has seven years of industrial experience in the telecommunications sector, having worked on software engineering and digital signal processing projects for Elektrobit Group Plc. in Oulu, Finland and in Redmond, WA, United States. Mr. Savola acts as the Chairman of the Finnish Mirror Group for ISO/IEC JTC1/SC27 standardization (Information security, cybersecurity and privacy protection) and CEO of the Northern European Cybersecurity Cluster (NECC).

Published

2024-06-21