A method for threat modelling of industrial control systems
Chapter
Accepted version
Permanent lenke
https://hdl.handle.net/11250/3128255Utgivelsesdato
2024Metadata
Vis full innførselSamlinger
- Publikasjoner fra CRIStin - SINTEF AS [5659]
- SINTEF Digital [2407]
Originalversjon
Proceedings of the International Conference on Cybersecurity, Situational Awareness and Social Media: Cyber Science 2023; 03–04 July; University of Aalborg, Copenhagen, Denmark. 2024, 221-234. 10.1007/978-981-99-6974-6_13Sammendrag
In this paper, we propose a new method for threat modelling of industrial control systems (ICS). The method is designed to be flexible and easy to use. Model elements inspired by IEC 62443 and Data Flow Diagrams (DFD) are used to create a model of the ICS under consideration. Starting from this model, threats are identified by investigating how the confidentiality, integrity and availability of different functions in the ICS can be attacked. Finally, threats are prioritised and mitigations are proposed for those threats that are not accepted by the ICS owner. We briefly illustrate the use of the method on a simplified and fictitious power grid secondary substation case.