| dc.description.abstract | Industrial Control Systems are used for controlling physical processes. An example of a physical process is the distribution of power in the power industry. These processes are a part of nations critical infrastructure, and it's, therefore, essential to know how these systems operate in case of an event.
Awareness of Industrial Control Systems is imperative to understand the state of the system. A way of obtaining the state of a system is to collect and correlate information from each part of the system. To be able to achieve this monitoring sensor can be used in the system to collect information to be analyzed. Industrial Control Systems' main priority is, however, physical safety if something happens.
To be able to understand what happened when an incident occurred it is essential to have a deeper understanding of how an Industrial Control System operate and behave under normal operation. Therefore, it is imperative to know how the information flows in the system, which components that can retain a state and where to place sensors in the system to be able to capture data that can be used for correlating events and give a state of the system even after an event has occurred.
This research study proposes an architecture for monitoring of Industrial Control Systems, the location of the monitoring sensors and which sensor to use is presented. Further, a hardware architecture and a discussion of memory of the four components; Thermal sensor, Remote Terminal Unit, Human Machine Interface, and Supervisory Control And Data Acquisition server is presented. In terms of identifying relevant components that can retain a relevant state after an event has occurred. Lastly, the study proposes were to aggregate the collected network traffic to be able to identify augmenting and corroborating information.
Next, to the theoretical results, a lab experiment was conducted in a lab environment to analyze real-time network traffic when a threat actor creates a disturbance in the system. | |
