Cybersecurity of Operational Technology in Critical Infrastructures

Keywords

Critical Infrastructure, Operational Technology, Cyber Defense, Hacker Attack, Industrial Control Systems (ICS), Insider Threats, SCADA

How to Cite

Cybersecurity of Operational Technology in Critical Infrastructures. (2025). Belügyi Szemle, 73(1.ksz), 183-197. https://doi.org/10.38146/bsz-ajia.2025.v73.i1SI.pp183-197

Abstract

Aim: The aim of this study is to present the relationship between critical infrastructures and operational technology (OT) and to explore the cybersecurity challenges arising from the integration of IT and OT systems. The central research question is: What are the main vulnerabilities that emerge in critical infrastructures due to the interconnection of OT and IT systems, and what defense strategies can mitigate these risks?

Methodology: The research adopts an interdisciplinary approach that combines theoretical-logical analysis, literature review, case study analysis, and the examination of practical examples. The following hypotheses were investigated:

H1: The convergence of IT and OT systems results in an increased attack surface, as OT systems become vulnerable through IT networks.

H2: The security mechanisms applied in critical infrastructures do not always meet the specific security requirements of OT, increasing system vulnerabilities.

H3: Proper segmentation strategies and the establishment of controlled communication channels between IT and OT networks can reduce the risk of cyberattacks.

The research also includes comparative analyses examining security measures applied in industrial and critical infrastructure settings. To gain a deeper understanding of the cybersecurity challenges of OT systems, industry reports and case studies were also analysed.

Findings: The protection of operational technology systems in critical infrastructures is crucial for maintaining social and economic stability. The digitalization of OT systems and their increasing integration with IT systems create new cybersecurity challenges that require a complex and multi-layered approach to address. The study highlights that proper segmentation and secure interconnection of IT and OT systems are key to effectively managing cyber threats.

Value: This research provides a comprehensive overview of the cybersecurity challenges associated with operational technology, with a particular focus on critical infrastructures. It offers valuable guidance for developing defense strategies from both scientific and practical perspectives, supporting the secure integration of IT and OT systems.



Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Copyright (c) 2025 Belügyi Szemle
