| dc.description.abstract | Although economies worldwide are focusing on moving towards green energy sources, reliance on oil & gas is expected to remain high in the foreseeable future. With the increasing
complexity and rate of cyber attacks against this industry, developing and maintaining robust cyber security is increasingly important. This thesis uses applied cybersecurity research
methods to develop and test a proof-of-concept vulnerability assessment framework for offshore industrial control systems. In this thesis, we conduct experiments on a test environment
that contains and simulates an ICS for drilling. This technology is developed, maintained,
and supplied by the project stakeholder.
By investigating the current literature regarding offshore industrial control system security,
we have determined that vulnerability assessment in this context is understudied. This is
also the basis for conducting this work, paired with the stakeholder’s wishes to investigate
and develop methods to conduct security testing on their systems.
This thesis presents methods for using a story-driven development approach to security
testing. Then, we develop and implement security tests based on the requirements gathered.
Further, we analyze and discuss the results and consider the applicable limitations. Finally,
we present our key findings, conclusions, limitations, and two specific opportunities for future
research. | |