| Name | Description | Size | Format |
|---|---|---|---|
| | | 2.73 MB | Adobe PDF |
Advisor(s)
Abstract(s)
In an increasingly hostile digital landscape, the security of technological innovation is paramount. This dissertation details a nine-month internship at TEKEVER II Autonomous Systems, a developer of advanced Unmanned Aerial Vehicles (UAVs), which began with a nascent cybersecurity posture. The primary goal was to transition the organisation from a reactive to a proactive security model by establishing a foundational cybersecurity framework through security audits, infrastructure hardening, enhanced threat visibility, and employee awareness initiatives.

A combination of offensive and defensive methodologies was employed. Offensive assessments included a wireless penetration test that compromised the corporate network and a comprehensive internal scan that catalogued more than 600 vulnerabilities. Penetration tests on key products, including the ATLAS platform, also revealed critical flaws. Defensive actions formed the core of the remediation effort. A company-wide Endpoint Detection and Response (EDR) solution was deployed, providing crucial visibility and response capabilities. The critical infrastructure was systematically hardened, and a suite of security tools was implemented, such as Graylog for logging, Dependency Track for SBOM analysis, and PrivateBin for secure information sharing, to build a robust security operations ecosystem.

Recognising the human element, a large-scale phishing campaign was executed, generating a click-through rate of just over 10%, which established a clear baseline for security awareness and underscored the need for continuous training. In conclusion, this internship successfully laid the foundation for a modern, resilient cybersecurity programme at TEKEVER. By systematically identifying risks, implementing foundational controls, and deploying advanced defensive technologies, the company’s attack surface was measurably reduced, and a culture of security was initiated, establishing the processes necessary for continuous improvement.
Description
Keywords
Cybersecurity; Vulnerability assessment; Detection and response
