An evaluation framework for industrial control system cyber incidents
Mahdi Daghmehchi Firoozjaei, Nastaran Mahmoudyar, Yaser Baseri and Ali A. Ghorbani
International Journal of Critical Infrastructure Protection, 2022, vol. 36, issue C
Abstract:
Industrial control systems (ICSs) and critical infrastructure are targeted by sophisticated cyber incidents launched by skillful and persistent attackers. Due to political, public image, or industrial competition reasons, most incidents are not publicly reported. Therefore, their consequences and threats are not as well known as those in information technology (IT) systems. This paper aims to provide a foundation for cyber risk assessment for operational technology (OT) systems. To this end, we review the adversarial tactics and techniques employed by attackers to launch ICS cyberattacks and analyze the attack mechanisms of six significant ICS cyber incidents in the energy and power industries, namely Stuxnet, BlackEnergy, Crashoverride, Triton, Irongate, and Havex. We introduce an evaluation framework to evaluate the threat level of the ICS cyber incidents based on their sophistication and incident consequences. Finally, we rate the analyzed ICS cyber incidents based on their threat scores. Our evaluation rates Stuxnet as the most sophisticated and high-threat ICS malware and Irongate the lowest. We hope our evaluation can shed light on the design of protection solutions for OT systems.
Keywords: Industrial control system (ICS) cyber incident; Advanced persistent threat (APT); MITRE ATT&CK; Cybersecurity; Threat score
Date: 2022
Downloads:
http://www.sciencedirect.com/science/article/pii/S1874548221000718
Full text for ScienceDirect subscribers only
Persistent link: https://EconPapers.repec.org/RePEc:eee:ijocip:v:36:y:2022:i:c:s1874548221000718
DOI: 10.1016/j.ijcip.2021.100487
International Journal of Critical Infrastructure Protection is currently edited by Leon Strous
Bibliographic data for series maintained by Catherine Liu.