SİBER ALTYAPI KILAVUZU: IT/OT ENTEGRASYONU

Year 2025, Volume: 18 Issue: 1, 378 - 391, 30.01.2025

Mustafa Bilgehan İmamoğlu

Abstract

Bilgi ve iletişim teknolojilerindeki yenilikler daha karmaşık ve tehlikeli güvenlik sorunlarını ortaya çıkarmıştır. Bu mağduriyetin bir parçası olan endüstriler, siber güvenlik alanındaki yetersiz uygulamalar nedeniyle maddi ve manevi kayıplarla yüzleşmektedir. Bu durum altyapı ve endüstriyel sistemleri siber tehdit ve saldırılardan korumaya odaklanan endüstriyel siber güvenlik alanının önemini arttırmaktadır. Çeşitli endüstri dallarında kullanılan operasyonel teknolojiler ve endüstriyel kontrol sistemlerinin korunmasını kapsayan endüstriyel siber güvenlik iş ve süreçlere odaklanmaktadır. Prosesleri kesintiye uğratabilecek, tehlikelere neden olabilecek siber riskleri minimize ederek kritik altyapı ve süreçlerin güvenli bir şekilde kesintisiz çalışmasını sağlamaktadır. Her gün evrim geçiren siber saldırı türleri endüstrileri iş ve süreçlerini ciddi risklerle yüzleştirmektedir. Bu risklerin minimalize edilmesi için geleneksel koruma yöntemleri yeterli gelmemektedir. Bunun yerine endüstrilerin güncel siber güvenlik önlemlerini değiştirerek bilgi teknolojileri ile operasyonel teknolojilerini entegre etmelidir. Böylelikle siber saldırı gerçekleşmeden önlem alınabilecek ve kesintisiz bir iş süreci sağlanabilecektir. Bunun yanı sıra operasyonel teknolojilerden elde edilen veriler güncel yaklaşımlarla ele alınmalıdır. Bu bağlamda çalışma, hızla gelişen siber risklere karşı endüstrilere bilgi teknolojileri ile operasyonel teknolojilerinin entegrasyonun sağlanmasına yönelik bir kılavuz olmayı ve sahip olması gereken nitelik ve standartlar konusunda farkındalık yaratmayı amaçlamaktadır. Sağlanan bu yol haritası ile endüstriler riskleri öngörerek kesintisiz ve güvenli bir iş modeli oluşturabileceklerdir.

Keywords

Siber Güvenlik, Endüstri, Büyük Veri, Bilgi Teknolojisi, Organizasyonel Teknoloji

CYBER INFRASTRUCTURE GUIDE: IT/OT INTEGRATION

Abstract

Innovations in information and communication technologies have led to complex and dangerous security problems. Industries face financial and reputational losses due to inadequate applications in the field of cybersecurity. This situation increases the importance of industrial cybersecurity, which tries to protect industrial systems from cyber threats and attacks. Industrial cybersecurity is responsible for the protection of operational technologies and industrial control systems used in various branches of the industry, focusing on the continuity of business and the security of processes. It ensures the uninterrupted and secure operation of infrastructure and processes by minimizing cyber risks that may harm business and processes. Continuously evolving types of cyberattacks pose serious risks to industrial business and processes. Traditional protection methods are not sufficient to reduce these risks. Instead, industries should develop existing cybersecurity measures and integrate information technologies with operational technologies. In this way, initiative-taking measures can be taken before a cyberattack occurs, and uninterrupted business operations can be ensured. In addition, data obtained from operational technologies should be handled with up-to-date approaches. In this context, this study aims to serve as a guide for the integration of information technologies and operational technologies in industries against rapidly evolving cyber risks and to raise awareness about the necessary qualifications and standards they need to maintain. Thanks to this roadmap, sectors will be able to predict risks in advance and create an uninterrupted and secure business model.

Keywords

Cybersecurity, Industry, Big Data, Information Technology, Organizational Technology

References

• Abdalgawad, N., Sajun, A., Kaddoura, Y., Zualkernan, I. A., and Aloul, F. (2022). "Generative Deep Learning to Detect Cyberattacks for the IoT-23 Dataset," in IEEE Access, vol. 10, pp. 6430-6441. doi: 10.1109/ACCESS.2021.3140015.
• Alemdar, A. (2020). Bilgi Güvenliği ve Siber Güvenlik | Türkiye Siber Güvenlik Kümelenmesi. Erişim: https://www.defenceturk.net/bilgi-guvenligi-ve-siber-guvenlik-turkiye-siber-guvenlik-kumelenmesi
• Arshad, K., Ali, R., Muneer, A., Aziz, I., Naseer, S., Khan, N., & Taib, S. (2022). Deep Reinforcement Learning for Anomaly Detection: A Systematic Review. IEEE Access, 10, 124017-124035. https://doi.org/10.1109/ACCESS.2022.3224023.
• Bendovschi, A. (2015). Cyber-Attacks – Trends, Patterns and Security Countermeasures. Procedia Economics and Finance, 28, 24–31. doi:10.1016/s2212-5671(15)01077-1
• Benias, N. and Markopoulos, A. P. (2017). "A review on the readiness level and cyber-security challenges in Industry 4.0," South Eastern European Design Automation, Computer Engineering, Computer Networks and Social Media Conference (SEEDA-CECNSM), Kastoria, Greece, 2017, pp. 1-5, doi: 10.23919/SEEDA-CECNSM.2017.8088234.
• Bigelor, S. J. & Lutkevich, B. (2021). What is IT/OT convergence? Everything you need to know. Erişim: https://www.techtarget.com/searchitoperations/definition/IT-OT-convergence
• Casalicchio, E., & Gualandi, G. (2021). ASiMOV: A self-protecting control application for the smart factory. Future Generation Computer Systems, 115, 213–235. doi:10.1016/j.future.2020.09.003
• Cigref (2019). IT/OT Convergence: A fruitful integration of information systems and operational systems. https://www.cigref.fr/wp/wp-content/uploads/2020/02/Cigref-IT-OT-Convergence-Fruitful-integration-information-operational-systems-December-2019-EN.pdf
• Clim A, Toma A, Zota RD, Constantinescu R. (2023).The Need for Cybersecurity in Industrial Revolution and Smart Cities. Sensors. 23(1):120. https://doi.org/10.3390/s23010120
• Conklin, W. A. (2016). "IT vs. OT Security: A Time to Consider a Change in CIA to Include Resilienc," 2016 49th Hawaii International Conference on System Sciences (HICSS), Koloa, HI, USA, pp. 2642-2647, doi: 10.1109/HICSS.2016.331.
• Dalmazo, B., Marques, J., Costa, L., Bonfim, M., Carvalho, R., Silva, A., Fernandes, S., Bordim, J., Alchieri, E., Schaeffer-Filho, A., Gaspary, L., & Cordeiro, W. (2021). A systematic review on distributed denial of service attack defense mechanisms in programmable networks. International Journal of Network Management, 31. https://doi.org/10.1002/nem.2163.
• de Azambuja, A.J.G.; Plesker, C.; Schützer, K.; Anderl, R.; Schleich, B.; Almeida, V.R. (2023) Artificial Intelligence-Based Cybersecurity in the Context of Industry 4.0—A Survey. Electronics, 12, 1920. https://doi.org/10.3390/electronics12081920
• Ervural, B. C., & Ervural, B. (2017). Overview of Cybersecurity in the Industry 4.0 Era. Industry 4.0: Managing The Digital Transformation, 267–284. doi:10.1007/978-3-319-57870-5_16
• Giannelli C, Picone M. (2022). “Industrial IoT as IT and OT Convergence: Challenges and Opportunities”. IoT. 3(1):259-261. https://doi.org/10.3390/iot3010014
• Gruyter, D. (2021). Industrielle Cybersicherheit: ein Wachstumsmarkt. Zeitschrift für wirtschaftlichen Fabrikbetrieb, 116(12), 857-857. https://doi.org/10.1515/zwf-2021-1019
• Güdek, B. (2023). Endüstriyel dönüşüm ve endüstri 5.0. Ömer Halisdemir Üniversitesi İktisadi Ve İdari Bilimler Fakültesi Dergisi, 16(4), 1129-1142. https://doi.org/10.25287/ohuiibf.1331731
• IBM (2023) Erişim: What is cybersecurity? https://www.ibm.com/topics/cybersecurity
• Intelegain Technologies (2022). The Ultimate Guide to IoT-Driven Digital Transformation in Manufacturing. Available online: https://www.intelegain.com/the-ultimate-guide-to-iot-driven-digital-transformation-in-manufacturing/ (20.09.2024).
• John Justin, M., & Manimurugan, S. (2012). A survey on various encryption techniques. International Journal of Soft Computing and Engineering (IJSCE) ISSN, 2231, 2307.
• Kalakuntla, R., Vanamala,A. & Kolipyaka,R.(2019).Cybersecurity. HOLISTICA – Journal of Business and Public Administration,10(2) 115-128. https://doi.org/10.2478/hjbpa-2019-0020
• Kamal, S. Z., Al Mubarak, S. M., Scodova, B. D., Naik, P.. , Flichy, P.. , and G.. Coffin (2016). "IT and OT Convergence - Opportunities and Challenges." Paper presented at the SPE Intelligent Energy International Conference and Exhibition, Aberdeen, Scotland, UK. doi: https://doi.org/10.2118/181087-MS
• Koay, A.M.Y., Ko, R.K.L., Hettema, H. et al. Machine learning in industrial control system (ICS) security: current landscape, opportunities and challenges. J Intell Inf Syst 60, 377–405 (2023). https://doi.org/10.1007/s10844-022-00753-1
• Kumar, D. & Panchanatham, N. (2015). A case study on Cybersecurity in E-Governance. International Research Journal of Engineering and Technology (IRJET). 2(8), 272-275.
• Lindemann, B., Maschler, B., Sahlab, N., & Weyrich, M. (2021). A survey on anomaly detection for technical systems using LSTM networks. Computers in Industry, 131, 103498.
• Lipnicki, P., Lewandowski D., Pareschi D., Pakos W. and Ragaini E. (2018). "Future of IoTSP – IT and OT Integration," 2018 IEEE 6th International Conference on Future Internet of Things and Cloud (FiCloud), Barcelona, pp. 203-207, doi: 10.1109/FiCloud.2018.00037.
• Ma, X., Wu, J., Xue, S., Yang, J., Zhou, C., Sheng, Q., & Xiong, H. (2021). A Comprehensive Survey on Graph Anomaly Detection With Deep Learning. IEEE Transactions on Knowledge and Data Engineering, 35, 12012-12038. https://doi.org/10.1109/TKDE.2021.3118815.
• Mining (WSDM '21). Association for Computing Machinery, New York, NY, USA, 1127–1130. https://doi.org/10.1145/3437963.3441659
• Munir, M., Siddiqui, S., Dengel, A., & Ahmed, S. (2019). DeepAnT: A Deep Learning Approach for Unsupervised Anomaly Detection in Time Series. IEEE Access, 7, 1991-2005. https://doi.org/10.1109/ACCESS.2018.2886457.
• Murray, G., Johnstone, M. N., & Valli, C. (2017). The convergence of IT and OT in critical infrastructure. DOI: 10.4225/75/5a84f7b595b4e
• Nikander, J., Manninen, O., & Laajalahti, M. (2020). Requirements for cybersecurity in agricultural communication networks. Computers and electronics in agriculture, 179, 105776.
• Paes, R., Mazur D. C., Venne B. K. and Ostrzenski J. (2020). "A Guide to Securing Industrial Control Networks: Integrating IT and OT Systems," in IEEE Industry Applications Magazine, vol. 26, no. 2, pp. 47-53, March-April 2020, doi: 10.1109/MIAS.2019.2943630.
• Pang, G., Shen, C., Cao, L., & Hengel, A. (2020). Deep Learning for Anomaly Detection. ACM Computing Surveys (CSUR), 54, 1 - 38. https://doi.org/10.1145/3439950.
• Pang, G. Cao, L., and Aggarwal, C. (2021). Deep Learning for Anomaly Detection: Challenges, Methods, and Opportunities. In Proceedings of the 14th ACM International Conference on Web Search and Data
• Pang, G., Shen, C., Cao, L., and Hengel, A.V.D. (2022). Deep Learning for Anomaly Detection: A Review. ACM Comput. Surv. 54, 2. https://doi.org/10.1145/3439950
• Sahay, R., Geethakumari, G., & Mitra, B. (2021). A holistic framework for prediction of routing attacks in IoT-LLNs. The Journal of Supercomputing, 78, 1409 - 1433. https://doi.org/10.1007/s11227-021-03922-1.
• Soori, M., Arezoo, B. & Dastres, R. (2023). Internet of things for smart factories in industry 4.0, a review. Internet of Things and Cyber-Physical Systems. 3, 192-204. doi:10.1016/j.iotcps.2023.04.006
• Tian, S. and Hu, Y. (2019). "The Role of OPC UA TSN in IT and OT Convergence," 2019 Chinese Automation Congress (CAC), Hangzhou, China, pp. 2272-2276, doi: 10.1109/CAC48633.2019.8996645.
• Ukwandu, E.; Ben-Farah, M.A.; Hindy, H.; Bures, M.; Atkinson, R.; Tachtatzis, C.; Andonovic, I.; Bellekens, X. (2022). Cyber-Security Challenges in Aviation Industry: A Review of Current and Future Trends. Information, 13, 146. https://doi.org/10.3390/info13030146
• Ullah I. and Mahmoud, Q. H. (2022) "Design and Development of RNN Anomaly Detection Model for IoT Networks," in IEEE Access, vol. 10, pp. 62722-62750. doi: 10.1109/ACCESS.2022.3176317.
• Visconti, P., Rausa, G., Del-Valle-Soto, C., Velázquez, R., Cafagna, D., & De Fazio, R. (2024). Machine Learning and IoT-Based Solutions in Industrial Applications for Smart Manufacturing: A Critical Review. Future Internet, 16(11), 394. https://doi.org/10.3390/fi16110394
• Zhang, Z., Zhang, Y.Q., Chu, X. & Li, B. (2004). An Overview of Virtual Private Network (VPN): IP VPN and Optical VPN. Photonic Network Communications. 7, 213-225.