Technical Cyber Threats in Undersea Infrastructure

Subsea infrastructure (gas, data and electricity transmission) is integral to the functioning of societies and has therefore been the subject of multiple (assumed) hybrid operations. In order to understand and safeguard against cyber threats, the EU has funded and set up the VIGIMARE consortium, which is a...

Bibliographic details
Main author: Hartikainen, Hans
Other authors: Informaatioteknologian tiedekunta, Faculty of Information Technology, Jyväskylän yliopisto, University of Jyväskylä
Material type: Master's thesis (Pro gradu)
Language: eng
Published: 2025
Subjects:
Linkit: https://jyx.jyu.fi/handle/123456789/102946
description Subsea infrastructure (gas, data and electricity transmission) is integral to the functioning of societies and has therefore been the subject of multiple (assumed) hybrid operations. In order to understand and safeguard against cyber threats, the EU has funded and set up the VIGIMARE consortium, which is a key resource in multiple ways for this thesis. Furthermore, the results of this thesis will be used for the VIGIMARE project. Due to the importance of subsea infrastructure, various threat actors might be interested in attacking it with whatever means are at their disposal, including cyber. In order to understand and to safeguard against said threats, an analysis using a Cyber Threat Management Framework is conducted. The constituent steps are a System-of-Systems Description, Threat Actor Analysis and Vulnerability Analysis, which were conducted as a literature survey, and an Attack Model, which is a novel artifact done using a constructive research approach. The focus is on the technical aspects of cyber threats. In the System-of-Systems description, we abstract the commonalities between the different transmission types, such as the use of SCADA (Supervisory Control And Data Acquisition), while also covering the differing aspects, such as key features of cables and pipes. For the Threat Actor Analysis, a previously used classification of threat actors concerning critical infrastructure in general is adopted to reflect this particular setting (particularly in light of threat actor motivations), and updated in light of recent observations and trends. For the Vulnerability Analysis, both Informational and Operational Technology concerns of the system under consideration are considered, leveraging the MITRE ATT&CK classification, research done regarding SCADA vulnerabilities, and observations of recent trends. The Attack Model was constructed using a workshop method. The uses of said model include attack analysis, converting and storing observed attacks as data, and presenting example scenarios.

Undersea infrastructure (data, gas and electricity transmission) is extremely important to the functioning of societies and has for this reason been the target of recent (assumed) hybrid operations. To protect underwater infrastructure holistically, the EU-funded VIGIMARE consortium project has been launched; its framework and network were used in carrying out this thesis, and the results of this thesis will be used in carrying out the VIGIMARE project. Threat actors have a motivation to attack underwater infrastructure by diverse means, including cyber means. To understand the cyber threats directed at it and to protect against them, the thesis carries out an analysis following a cyber threat management framework. The framework's constituent steps are a System-of-Systems description, a threat actor analysis and a vulnerability analysis, which are carried out as a literature review, and attack modelling, which is a new artifact produced using a constructive research approach. The analysis emphasizes the technical aspects of cyber threats. The System-of-Systems description abstracts the features common to the different infrastructure types, such as the use of a SCADA (Supervisory Control And Data Acquisition) control system, and also covers the differing features, including the key characteristics of cables and pipes. The threat actor analysis updates a cyber threat actor classification previously used for critical infrastructure in light of recent events, and interprets how threat actors' motivations could manifest specifically with regard to underwater infrastructure. The vulnerability analysis interprets the system's most significant vulnerabilities from both the information technology and operational technology perspectives, using the MITRE ATT&CK vulnerability classifications, the extensive research done on SCADA systems, and recent trends. The attack model is a graph-based representation produced using a workshop method, which can be used for, among other things, analysing attacks, storing them as data, and presenting scenarios.
first_indexed 2025-06-02T20:00:55Z
format Pro gradu
free_online_boolean 1
fullrecord
dc.contributor.advisor: Lehto, Martti
dc.contributor.author: Hartikainen, Hans
dc.date.accessioned: 2025-06-02T11:44:18Z
dc.date.available: 2025-06-02T11:44:18Z
dc.date.issued: 2025
dc.identifier.uri: https://jyx.jyu.fi/handle/123456789/102946
dc.description.provenance (en): Submitted by jyx lomake-julkaisija (jyx-julkaisija.group@korppi.jyu.fi) on 2025-06-02T11:44:18Z. No. of bitstreams: 0
dc.description.provenance (en): Made available in DSpace on 2025-06-02T11:44:18Z (GMT). No. of bitstreams: 0
dc.format.extent: 60
dc.format.mimetype: application/pdf
dc.language.iso: eng
dc.rights: In Copyright
dc.title: Technical Cyber Threats in Undersea Infrastructure
dc.type: master thesis
dc.identifier.urn: URN:NBN:fi:jyu-202506024755
dc.contributor.faculty (fi): Informaatioteknologian tiedekunta
dc.contributor.faculty (en): Faculty of Information Technology
dc.contributor.organization (fi): Jyväskylän yliopisto
dc.contributor.organization (en): University of Jyväskylä
dc.subject.discipline (fi): Kyberturvallisuuden maisteriohjelma
dc.subject.discipline (en): Master's Degree Programme in Cyber Security
dc.type.coar: http://purl.org/coar/resource_type/c_bdcc
dc.rights.copyright: © The Author(s)
dc.rights.accesslevel: openAccess
dc.type.publication: masterThesis
dc.format.content: fulltext
dc.rights.url: https://rightsstatements.org/page/InC/1.0/
dc.description.accessibilityfeature (fi): ei tietoa saavutettavuudesta
dc.description.accessibilityfeature (en): unknown accessibility
id jyx.123456789_102946
language eng
last_indexed 2025-06-02T20:01:16Z
main_date 2025-01-01T00:00:00Z
main_date_str 2025
online_boolean 1
online_urls_str_mv {"url":"https:\/\/jyx.jyu.fi\/bitstreams\/fb1c75f8-6545-4937-99f0-86448239cad3\/download","text":"URN:NBN:fi:jyu-202506024755.pdf","source":"jyx","mediaType":"application\/pdf"}
publishDate 2025
record_format qdc
source_str_mv jyx
title Technical Cyber Threats in Undersea Infrastructure
topic Kyberturvallisuuden maisteriohjelma Master's Degree Programme in Cyber Security
url https://jyx.jyu.fi/handle/123456789/102946 http://www.urn.fi/URN:NBN:fi:jyu-202506024755