Vlajic, NatalijaCianfarani, Gabriele Alberto2025-04-102025-04-102025-02-052025-04-10https://hdl.handle.net/10315/42882Over the past decade, industrial control systems (ICSs) and critical infrastructure (CI) have become prime targets for advanced persistent threat (APT) groups and nation-state actors due to their potential for severe impact. This has resulted in the cybersecurity community increasing their focus on ICS/CI threat modelling and defence. This thesis examines the crucial role of the internal network reconnaissance stage of ICS/CI attacks, particularly those using the OPC UA standard with encrypted in-transit data. We first introduce a comprehensive attack tree outlining data siphoning strategies and highlight the importance of periodic encryption-key rotation to mitigate risk. Noting the lack of clear cryptoperiod guidelines in industry standards, we then present the Automatic Risk-based Cryptoperiod Calculation (ARC-C) framework. ARC-C aims to optimally determine cryptoperiod lengths based on security risks and operational constraints. We demonstrate its application in two realistic ICS environments: a Water Treatment Plant and an Energy Storage System.Author owns copyright, except where explicitly noted. Please contact the author directly with licensing requests.Electronic Thesis or Dissertation2025-04-10Computer securitySecurityCryptoperiodData exfiltrationData siphoningIndustrial control systemsICSRiskRisk assessmentRisk-based framework