Evidence-Based Threat Modeling for ICS
Can Ozkan, Dave Singelee
TL;DR
Industrial control systems face significant cyber risk, and existing threat models lack systematic, comprehensive threat enumeration for ICS components. The authors present an evidence-based threat modeling approach that derives threats from CVE-CWE pairs, enabling granular and repeatable threat lists without relying on expert judgment, and implement it in a ready-to-use Python tool demonstrated on a SCADA case. The methodology defines scope, extracts CVEs and CWEs, deduplicates weaknesses, prioritizes threats by frequency, and links CWE mitigations, with validation via design or testing. The work provides a practical, integrable sub-methodology for existing threat models, offering ICS-specific threat coverage and actionable mitigation guidance.
Abstract
ICS environments are vital to the operation of critical infrastructure such as power grids, water treatment facilities, and manufacturing plants. However, these systems are vulnerable to cyber attacks due to their reliance on interconnected devices and networks, which could lead to catastrophic failures. Therefore, securing these systems from cyber threats becomes paramount. In this context, threat modeling plays an essential role. Despite the advances in threat modeling, the fundamental gap in the state of the art is the lack of a systematic methodology for identifying threats in ICS comprehensively. Most threat models in the literature (i) rely on expert knowledge, (ii) only include generic threats such as spoofing, tampering, etc., and (iii) the threats they include are not comprehensive enough for the systems in question. To overcome these limitations, we propose a novel evidence-based methodology to systematically identify threats based on existing CVE entries of components and their associated fundamental weaknesses in the form of CWE entries - namely, CVE-CWE pairs - and thereby generate a comprehensive threat list. Furthermore, we have implemented our methodology as a ready-to-use tool and have applied it to a typical SCADA system to demonstrate that our methodology is practical and applicable in real-world settings.
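As an added illustration (not the authors' tool), the following Python sketch walks through the core steps listed in the TL;DR: flattening CVE records into CVE-CWE pairs, deduplicating weaknesses per CWE, prioritizing by the number of supporting CVEs, and attaching a mitigation hint. The CVE ids, component names and mitigation strings are constructed placeholders; only the CWE ids are real CWE identifiers.

```python
from collections import defaultdict

# Constructed sample CVE records (placeholder ids, not real NVD entries).
# Each record carries what the methodology extracts per component:
# the CVE id, the affected ICS component, and the CWE ids the CVE maps to.
SAMPLE_CVES = [
    {"cve": "CVE-0000-0001", "component": "PLC firmware", "cwes": ["CWE-787"]},
    {"cve": "CVE-0000-0002", "component": "PLC firmware", "cwes": ["CWE-787", "CWE-20"]},
    {"cve": "CVE-0000-0003", "component": "HMI web server", "cwes": ["CWE-306"]},
    {"cve": "CVE-0000-0004", "component": "HMI web server", "cwes": ["CWE-798"]},
    {"cve": "CVE-0000-0005", "component": "Historian", "cwes": ["CWE-20"]},
    {"cve": "CVE-0000-0006", "component": "Historian", "cwes": ["CWE-20", "CWE-306"]},
]

# Constructed mitigation hints keyed by CWE id (placeholder text). A real
# implementation would link the CWE entry's own mitigation guidance instead.
MITIGATIONS = {
    "CWE-20": "validate and bound all inputs at trust boundaries",
    "CWE-306": "require authentication before critical functions",
    "CWE-787": "use bounds-checked memory operations",
    "CWE-798": "remove hard-coded credentials; provision per-device secrets",
}


def extract_pairs(cves):
    """Flatten each CVE record into (cve, component, cwe) evidence pairs."""
    return [(r["cve"], r["component"], c) for r in cves for c in r["cwes"]]


def threat_list(cves, mitigations=MITIGATIONS):
    """Deduplicate weaknesses per CWE, count supporting CVEs as the frequency,
    sort by frequency (ties broken by CWE id), and attach a mitigation."""
    evidence = defaultdict(set)    # cwe -> supporting CVE ids (set = dedup)
    components = defaultdict(set)  # cwe -> affected components
    for cve, comp, cwe in extract_pairs(cves):
        evidence[cwe].add(cve)
        components[cwe].add(comp)
    threats = [
        {
            "cwe": cwe,
            "frequency": len(ids),
            "cves": sorted(ids),
            "components": sorted(components[cwe]),
            "mitigation": mitigations.get(cwe, "no mitigation linked"),
        }
        for cwe, ids in evidence.items()
    ]
    threats.sort(key=lambda t: (-t["frequency"], t["cwe"]))
    return threats
```

Running `threat_list(SAMPLE_CVES)` ranks CWE-20 first (three supporting CVEs across two components), which is the kind of frequency-based prioritization the methodology uses to decide which weaknesses to validate first.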
