IDEAS home Printed from https://ideas.repec.org/a/eee/ijocip/v36y2022ics1874548221000718.html
   My bibliography  Save this article

An evaluation framework for industrial control system cyber incidents

Author

Listed:
  • Firoozjaei, Mahdi Daghmehchi
  • Mahmoudyar, Nastaran
  • Baseri, Yaser
  • Ghorbani, Ali A.

Abstract

Industrial control systems (ICSs) and critical infrastructure are targeted by sophisticated cyber incidents launched by skillful and persistent attackers. Due to political, public image, or industrial competition reasons, most incidents are not publicly reported. Therefore, their consequences and threats are not as known as well as those in information technology (IT) systems. This paper aims to provide a foundation for cyber risk assessment for operational technology (OT) systems. To this end, we review the adversarial tactics and techniques employed by attackers to launch ICS cyberattacks and analyze the attack mechanisms of six significant ICS cyber incidents in the energy and power industries, namely Stuxnet, BlackEnergy, Crashoverride, Triton, Irongate, and Havex. We introduce an evaluation framework to evaluate the threat level of the ICS cyber incidents based on their sophistication and incident consequences. Finally, we rate the analyzed ICS cyber incidents based on their threat scores. Our evaluation rates Stuxnet as the most sophisticated and high-threat ICS malware and Irongate the lowest. We hope our evaluation can shed light on the design of protection solutions for OT systems.

Suggested Citation

  • Firoozjaei, Mahdi Daghmehchi & Mahmoudyar, Nastaran & Baseri, Yaser & Ghorbani, Ali A., 2022. "An evaluation framework for industrial control system cyber incidents," International Journal of Critical Infrastructure Protection, Elsevier, vol. 36(C).
    • Handle: RePEc:eee:ijocip:v:36:y:2022:i:c:s1874548221000718
    DOI: 10.1016/j.ijcip.2021.100487
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S1874548221000718
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.ijcip.2021.100487?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Ramaki, Ali Ahmadian & Ghaemi-Bafghi, Abbas & Rasoolzadegan, Abbas, 2023. "CAPTAIN: Community-based Advanced Persistent Threat Analysis in IT Networks," International Journal of Critical Infrastructure Protection, Elsevier, vol. 42(C).

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ijocip:v:36:y:2022:i:c:s1874548221000718. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/international-journal-of-critical-infrastructure-protection .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.