Evidence-Based Threat Modeling for ICS
- URL: http://arxiv.org/abs/2411.19759v1
- Date: Fri, 29 Nov 2024 15:05:00 GMT
- Title: Evidence-Based Threat Modeling for ICS
- Authors: Can Ozkan, Dave Singelee
- Abstract summary: ICS environments are vital to the operation of critical infrastructure such as power grids, water treatment facilities, and manufacturing plants.
We propose a novel evidence-based methodology to systematically identify threats based on existing CVE entries of components.
We have implemented our methodology as a ready-to-use tool and have applied it to a typical SCADA system to demonstrate that our methodology is practical and applicable in real-world settings.
- Score: 0.0
- Abstract: ICS environments are vital to the operation of critical infrastructure such as power grids, water treatment facilities, and manufacturing plants. However, these systems are vulnerable to cyber attacks due to their reliance on interconnected devices and networks, which could lead to catastrophic failures. Therefore, securing these systems from cyber threats becomes paramount. In this context, threat modeling plays an essential role. Despite the advances in threat modeling, the fundamental gap in the state of the art is the lack of a systematic methodology for identifying threats in ICS comprehensively. Most threat models in the literature (i) rely on expert knowledge, (ii) only include generic threats such as spoofing, tampering, etc., and (iii) are not comprehensive enough for the systems in question. To overcome these limitations, we propose a novel evidence-based methodology to systematically identify threats based on existing CVE entries of components and their associated fundamental weaknesses in the form of CWE entries - namely, CVE-CWE pairs - and thereby generate a comprehensive threat list. Furthermore, we have implemented our methodology as a ready-to-use tool and have applied it to a typical SCADA system to demonstrate that our methodology is practical and applicable in real-world settings.
Related papers
- Threat Me Right: A Human HARMS Threat Model for Technical Systems [4.096453902709292] (2025-02-10T23:13:41Z)
  We discuss traditional threat modelling methods and their shortcomings.
  We propose a new threat modelling framework (HARMS) to identify non-technical and human factors harms.
- Cyber Shadows: Neutralizing Security Threats with AI and Targeted Policy Measures [0.0] (2025-01-03T09:26:50Z)
  Cyber threats pose risks at individual, organizational, and societal levels.
  This paper proposes a comprehensive cybersecurity strategy that integrates AI-driven solutions with targeted policy interventions.
- Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796] (2024-11-21T18:26:05Z)
  We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC).
  ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic.
  We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms).
- AsIf: Asset Interface Analysis of Industrial Automation Devices [1.3216177247621483] (2024-09-26T07:19:15Z)
  Industrial control systems are increasingly adopting IT solutions, including communication standards and protocols.
  As these systems become more decentralized and interconnected, a critical need for enhanced security measures arises.
  Threat modeling is traditionally performed in structured brainstorming sessions involving domain and security experts.
  We propose a method for the analysis of assets in industrial systems, with special focus on physical threats.
- Towards Guaranteed Safe AI: A Framework for Ensuring Robust and Reliable AI Systems [88.80306881112313] (2024-05-10T17:38:32Z)
  We will introduce and define a family of approaches to AI safety, which we will refer to as guaranteed safe (GS) AI.
  The core feature of these approaches is that they aim to produce AI systems which are equipped with high-assurance quantitative safety guarantees.
  We outline a number of approaches for creating each of these three core components, describe the main technical challenges, and suggest a number of potential solutions to them.
- Introducing Systems Thinking as a Framework for Teaching and Assessing Threat Modeling Competency [3.467282314524728] (2024-04-25T14:21:15Z)
  We propose using systems thinking in conjunction with popular and industry-standard threat modeling frameworks like STRIDE for teaching and assessing threat modeling competency.
  Students who had both systems thinking and STRIDE instruction identified and attempted to mitigate component-level and systems-level threats.
- Security Modelling for Cyber-Physical Systems: A Systematic Literature Review [7.3347982474177185] (2024-04-11T07:41:36Z)
  Cyber-physical systems (CPS) are at the intersection of digital technology and engineering domains.
  Prominent cybersecurity attacks on CPS have brought attention to the vulnerability of these systems.
  This literature review delves into state-of-the-art research in CPS security modelling, encompassing both threat and attack modelling.
- ThreatKG: An AI-Powered System for Automated Open-Source Cyber Threat Intelligence Gathering and Management [65.0114141380651] (2022-12-20T16:13:59Z)
  ThreatKG is an automated system for OSCTI gathering and management.
  It efficiently collects a large number of OSCTI reports from multiple sources.
  It uses specialized AI-based techniques to extract high-quality knowledge about various threat entities.
- A System for Automated Open-Source Threat Intelligence Gathering and Management [53.65687495231605] (2021-01-19T18:31:35Z)
  SecurityKG is a system for automated OSCTI gathering and management.
  It uses a combination of AI and NLP techniques to extract high-fidelity knowledge about threat behaviors.
- A System for Efficiently Hunting for Cyber Threats in Computer Systems Using Threat Intelligence [78.23170229258162] (2021-01-17T19:44:09Z)
  We build ThreatRaptor, a system that facilitates cyber threat hunting in computer systems using OSCTI.
  ThreatRaptor provides (1) an unsupervised, light-weight, and accurate NLP pipeline that extracts structured threat behaviors from unstructured OSCTI text, (2) a concise and expressive domain-specific query language, TBQL, to hunt for malicious system activities, and (3) a query synthesis mechanism that automatically synthesizes a TBQL query from the extracted threat behaviors.
- Enabling Efficient Cyber Threat Hunting With Cyber Threat Intelligence [94.94833077653998] (2020-10-26T14:54:01Z)
  ThreatRaptor is a system that facilitates threat hunting in computer systems using open-source Cyber Threat Intelligence (OSCTI).
  It extracts structured threat behaviors from unstructured OSCTI text and uses a concise and expressive domain-specific query language, TBQL, to hunt for malicious system activities.
  Evaluations on a broad set of attack cases demonstrate the accuracy and efficiency of ThreatRaptor in practical threat hunting.