Abstract
Industrial control systems (ICSs) used to be operated in closed networks, that is, separated physically from the Internet and corporate networks, and independent protocols were used for each manufacturer. Thus, their operation was relatively safe from cyberattacks. However, with advances in recent technologies, such as big data and internet of things, companies have been trying to use data generated from the ICS environment to improve production yield and minimize process downtime. Thus, ICSs are being connected to the internet or corporate networks. These changes have increased the frequency of attacks on ICSs. Despite this increased cybersecurity risk, research on ICS security remains insufficient. In this paper, we analyze threats in detail using STRIDE threat analysis modeling and DREAD evaluation for distributed control systems, a type of ICSs, based on our work experience as cybersecurity specialists at a refinery. Furthermore, we verify the validity of threats identified using STRIDE through case studies of major ICS cybersecurity incidents: Stuxnet, BlackEnergy 3, and Triton. Finally, we present countermeasures and strategies to improve risk assessment of identified threats.
| Original language | English |
|---|---|
| Pages (from-to) | 991-1003 |
| Number of pages | 13 |
| Journal | ETRI Journal |
| Volume | 44 |
| Issue number | 6 |
| DOIs | |
| Publication status | Published - 2022 Dec |
Bibliographical note
Publisher Copyright:1225-6463/$ © 2021 ETRI.
Keywords
- DREAD
- STRIDE
- countermeasures
- distributed control system (DCS)
- industrial control system (ICS)
- network
- operation technology (OT)
- threat modeling
ASJC Scopus subject areas
- Electronic, Optical and Magnetic Materials
- General Computer Science
- Electrical and Electronic Engineering