Evaluating NCA OTCC’s Effectiveness in ICS Cybersecurity: A Comparative Analysis with NIST SP800-82 Rev.3 and IEC62443

dc.contributor.advisorAhmed, Mujeeb
dc.contributor.authorOmran, Abdullah
dc.date.accessioned2024-11-25T06:04:30Z
dc.date.issued2024-08-13
dc.description.abstractThis study evaluates the effectiveness of the newly released Saudi Arab ia Operational Technology Cyb ersecurity Controls (OTCC) in protecting and mitigating industrial control systems (ICS) infrastructures. As critical infrastructure threats and attacks increase exponentially, assessing national frameworks is crucial for enhancing cyb ersecurity posture in those critical infrastructures. This research compares OTCC with well- known international standards like NIST SP800-82 Rev.3 and IEC 62443 while analyzing the coverage against real-world cyb er threats using the MITRE ATT&CK for ICS framework. In this research, a mixed-method approach was developed which contains comparative analysis, control mapping, and simulated ICS environments. These methods helped in reviewing OTCC structure, mapped relevant controls to MITRE ATT&CK techniques, and did a side-by-side comparison with NIST SP800-82 Rev.3. Our findings showed that OTCC provided a foundation for ICS security in Saudi Arab ia while lacking some depth and comprehensiveness when compared to international standards. OTCC covers approximately 60% of NIST SP800- 82 Rev.3 control areas often with less guidance and discussion for controls. Mapping against MITRE ATT&CK showed some gaps in terms of addressing attack techniques with a coverage of only 60% compared to 86% for NIST SP800- 82 Rev.3 and 97% for IEC 62443. The study highlights OTCC limitations in mitigating and protecting against sophisticated cyb er threats in particular those employed by APT groups targeting critical infrastructure. This shows the need for enhancements to OTCC to match the effectiveness of international standards in protecting Saudi Arab ia’s ICS environments. Future research should focus more on real-world implementation studies and developing frameworks to address evolving threats used by APT groups in the ICS landscape.
dc.format.extent62
dc.identifier.urihttps://hdl.handle.net/20.500.14154/73719
dc.language.isoen
dc.publisherNewcastle University
dc.subjectIndustrial Control Systems (ICS)
dc.subjectOTCC
dc.subjectNIST SP800-82
dc.subjectMITRE ATT&CK
dc.subjectcybersecurity
dc.titleEvaluating NCA OTCC’s Effectiveness in ICS Cybersecurity: A Comparative Analysis with NIST SP800-82 Rev.3 and IEC62443
dc.typeThesis
sdl.degree.departmentSchool of Computing
sdl.degree.disciplineMSc Cybersecurity
sdl.degree.grantorNewcastle University
sdl.degree.nameMSc

Files

Original bundle

Now showing 1 - 1 of 1
No Thumbnail Available
Name:
SACM-Dissertation.pdf
Size:
7.03 MB
Format:
Adobe Portable Document Format

License bundle

Now showing 1 - 1 of 1
No Thumbnail Available
Name:
license.txt
Size:
1.61 KB
Format:
Item-specific license agreed to upon submission
Description:

Copyright owned by the Saudi Digital Library (SDL) © 2024