Cybersecurity Standards-Based Model for IT/OT Converged Environments
Uutela, Kimi (2025-05-29)
This publication is subject to copyright regulations. The work may be read and printed for personal use. Use for commercial purposes is prohibited.
Open
The permanent address of the publication is:
https://urn.fi/URN:NBN:fi-fe2025061065208
Abstract
This thesis addresses the cybersecurity challenges posed by the convergence of Information Technology (IT) and Operational Technology (OT) in industrial environments. The aim is to develop a practical cybersecurity framework that supports secure operations, regulatory compliance, and risk management in mixed IT/OT systems. The research is based on an extensive analysis of internationally recognized standards such as the IEC 62443 series, ISO 27001, and the EU NIS2 Directive, complemented by industrial reference architectures including PERA, RAMI 4.0, and IIRA, and a review of recent academic and industry research.
The thesis proposes a modular cybersecurity framework structured into six control domains: Network, Hardware, Software, Redundancy, Governance and Compliance, and Security. This structure allows organizations to organize their cybersecurity practices systematically across industrial environments. The results show that existing standards, despite their varied scopes, can be interpreted and integrated to support a unified governance and control model for IT/OT environments.
The thesis concludes that a domain-based structure offers a practical and clear methodology for implementing cybersecurity controls in industrial operations. The work highlights the need for continuous assessment and adaptation of cybersecurity measures due to evolving threats and addresses limitations in harmonization across existing industrial cybersecurity standards.