Industrial control system security taxonomic framework with application to a comprehensive incidents survey

Abstract: In recent years, the number of cyber-physical incidents in industrial control systems (ICSs) has increased. Because ICSs play a critical role in nations' critical infrastructures, providing a framework for ICS threat intelligence is of utmost importance. In this paper, after a short review of existing taxonomies of threats and security incidents in the cyber-physical scope, we propose the Hierarchical Taxonomic Framework (HTF), which has the characteristics required for classifying attacks and security incidents in ICSs. We applied the HTF to analyze 268 publicly available security incidents on ICSs reported between 1982 and 2018. Of these 268 incidents, 147 are attacks and 121 are non-attack security incidents. The HTF and the analytical study of incidents are carried out to extract useful patterns and key points for organizing threat intelligence in ICSs and critical infrastructures, so that their security level can be improved in line with cyber-attack trends.
