Development of an Automated Vulnerability Management System for OT Environments
DOI:
https://doi.org/10.56472/ICCSAIML25-138Keywords:
Operational Technology (OT) Security, Vulnerability Management, Industrial Control Systems (ICS), Automation, Cybersecurity, Risk Prioritization, Asset Discovery, Critical Infrastructure Protection, SCADA Security, Threat Intelligence IntegrationAbstract
Operational Technology (OT) environments, which underpin critical infrastructure such as energy, manufacturing, and transportation systems, are increasingly targeted by sophisticated cyber threats. Unlike traditional IT systems, OT environments pose unique challenges for vulnerability management, including limited downtime windows, legacy equipment, and heterogeneous protocols. This paper proposes the design and development of an automated vulnerability management system tailored specifically for OT environments. The system integrates real-time asset discovery, vulnerability assessment, and intelligent risk prioritization while ensuring minimal disruption to operational processes. We describe the system architecture, implementation details, and evaluate the approach in a simulated industrial control environment. The results demonstrate the feasibility and effectiveness of the proposed solution in enhancing security posture without compromising operational integrity
Downloads
References
[1] Knowles, W., Prince, D., Hutchison, D., Disso, J. F. P., & Jones, A. (2015). A survey of cyber security management in industrial control systems. International Journal of Critical Infrastructure Protection, 9, 52–80.
[2] Sahil Bucha, “Integrating Cloud-Based E-Commerce Logistics Platforms While Ensuring Data Privacy: A Technical Review,” Journal Of Critical Reviews, Vol 09, Issue 05 2022, Pages1256-1263.
[3] S. Gupta, S. Barigidad, S. Hussain, S. Dubey and S. Kanaujia, "Hybrid Machine Learning for Feature-Based Spam Detection," 2025 2nd International Conference on Computational Intelligence, Communication Technology and Networking (CICTN), Ghaziabad, India, 2025, pp. 801-806, doi: 10.1109/CICTN64563.2025.10932459.
[4] Stouffer, K., Falco, J., & Scarfone, K. (2011). Guide to Industrial Control Systems (ICS) Security. NIST Special Publication 800-82.
[5] Padmaja Pulivarthy. (2024/12/3). Harnessing Serverless Computing for Agile Cloud Application Development,” FMDB Transactionson Sustainable Computing Systems. 2,( 4), 201-210, FMDB.
[6] Pronaya Bhattacharya Lakshmi Narasimha Raju Mudunuri, 2024, “Ethical Considerations Balancing Emotion and Autonomy in AI Systems”, Humanizing Technology With Emotional Intelligence, pp. 443-456.
[7] Lee, R. M., Assante, M. J., & Conway, T. (2016). Analysis of the Cyber Attack on the Ukrainian Power Grid. SANS Industrial Control Systems Report.
[8] Sudheer Panyaram, (2025/5/18). Intelligent Manufacturing with Quantum Sensors and AI A Path to Smart Industry 5.0. International Journal of Emerging Trends in Computer Science and Information Technology. 140-147.
[9] Humayed, A., Lin, J., Li, F., & Luo, B. (2017). Cyber-Physical Systems Security A Survey. IEEE Internet of Things Journal, 4(6), 1802–1831.
[10] S. S. Nair, G. Lakshmikanthan, N. Belagalla, S. Belagalla, S. K. Ahmad and S. A. Farooqi, ""Leveraging AI and Machine Learning for Enhanced Fraud Detection in Digital Banking System: A Comparative Study,"" 2025 First International Conference on Advances in Computer Science, Electrical, Electronics, and Communication Technologies (CE2CT), Bhimtal, Nainital, India, 2025, pp. 1278-1282, doi: 10.1109/CE2CT64011.2025.10939756.
[11] Kirti Vasdev. (2019). “GIS in Disaster Management: Real-Time Mapping and Risk Assessment”. International Journal on Science and Technology, 10(1), 1–8. https://doi.org/10.5281/zenodo.14288561
[12] Ten, C.-W., Liu, C.-C., & Manimaran, G. (2008). Vulnerability Assessment of Cybersecurity for SCADA Systems. IEEE Transactions on Power Systems, 23(4), 1836–1846.
[13] Animesh Kumar, “AI-Driven Innovations in Modern Cloud Computing”, Computer Science and Engineering, 14(6), 129-134, 2024.
[14] Chandia, R., Gonzalez, J., Kilger, M., & Papa, M. (2007). Security strategies for SCADA networks. Security and Privacy for Emerging Areas in Communications Networks.
[15] L. N. R. Mudunuri, V. M. Aragani, and P. K. Maroju, "Enhancing Cybersecurity in Banking: Best Practices and Solutions for Securing the Digital Supply Chain," Journal of Computational Analysis and Applications, vol. 33, no. 8, pp. 929-936, Sep. 2024.
[16] Yu, C., Wang, Q., Zeng, Y., & Luo, X. (2020). Survey on Machine Learning Algorithms for Industrial Control Systems. IEEE Access, 8, 130883–130904.
[17] Swathi Chundru, Arunkumar Thirunagalingam, Praveen Maroju, Pushan Kumar Dutta, Harsh Yadav, Pawan Whig, (2024/12/1), Internet of water: quantifying IoT's impact on urban water management and resource optimization in smart cities, 8th IET Smart Cities Symposium (SCS 2024), 2024,
528-533, IET.
[18] Kriaa, S., Bouissou, M., & Pietre-Cambacedes, L. (2015). Modeling the Stuxnet attack with BDMP: Towards more formal risk assessments. IFIP International Conference on Information Security Theory and Practice.
[19] Mohanarajesh Kommineni. (2023/6). Investigate Computational Intelligence Models Inspired By Natural Intelligence, Such As Evolutionary Algorithms And Artificial Neural Networks. Transactions On Latest Trends In Artificial Intelligence. 4. P30. Ijsdcs.
[20] Mavroeidis, V., & Bromander, S. (2017). Cyber Threat Intelligence Model: An Evaluation of Taxonomies, Sharing Standards, and Ontologies. 2017 European Intelligence and Security Informatics Conference.
[21] Marella, Bhagath Chandra Chowdari, and Gopi Chand Vegineni. "Automated Eligibility and Enrollment Workflows: A Convergence of AI and Cybersecurity." AI-Enabled Sustainable Innovations in Education and Business, edited by Ali Sorayyaei Azar, et al., IGI Global, 2025, pp. 225-250. https://doi.org/10.4018/979-8-3373-3952-8.ch010
[22] Boyer, S. A. (2010). SCADA: Supervisory Control and Data Acquisition. ISA.
[23] Divya Kodi, "Zero Trust in Cloud Computing: An AI-Driven Approach to Enhanced Security," SSRG International Journal of Computer Science and Engineering, vol. 12, no. 4, pp. 1-8, 2025. Crossref, https://doi.org/10.14445/23488387/IJCSE-V12I4P101
[24] Puneet Aggarwal,Amit Aggarwal. "Empowering Intelligent Enterprises: Leveraging SAP's SIEM Intelligence For Proactive Cybersecurity", International Journal Of Computer Trends And Technology, 72 (10), 15-21, 2024.
[25] Nirali Shah, "Validation and Verification of Artificial Intelligence Containing Products Across the Regulated Healthcare or Medical Device Industries", International Journal of Science and Research (IJSR), Volume 13 Issue 7, July 2024, pp. 66-71, https://www.ijsr.net/getabstract.php?paperid=ES24701081833, DOI: https://www.doi.org/10.21275/ES24701081833
