Table of Contents
Fetching ...

Threat-based Security Controls to Protect Industrial Control Systems

Haritha Srinivasan, Maryam Karimi

TL;DR

The paper addresses the growing threat landscape for ICS/OT environments by analyzing adversary TTPs and mapping them to MITRE ICS ATT&CK, complemented by ISA/IEC 62443 standards. It argues that traditional IT security approaches are insufficient for OT and promotes a threat-based control framework tailored to Purdue PERA architectures and various safety-system configurations. A key contribution is a 27-item set of threat-based security controls, derived from mapping TTPs across initial access, movement, and impact, with guidance on implementation and testing. The work also surveys ICS testbeds and advocates for future research that leverages larger threat datasets and automated analyses to validate and refine defenses in realistic environments.

Abstract

This paper analyzes the reported threats to Industrial Control Systems (ICS)/Operational Technology (OT) and identifies common tactics, techniques, and procedures (TTP) used by threat actors. The paper then uses the MITRE ATT&CK framework to map the common TTPs and provide an understanding of the security controls needed to defend against the reported ICS threats. The paper also includes a review of ICS testbeds and ideas for future research using the identified controls.

Threat-based Security Controls to Protect Industrial Control Systems

TL;DR

The paper addresses the growing threat landscape for ICS/OT environments by analyzing adversary TTPs and mapping them to MITRE ICS ATT&CK, complemented by ISA/IEC 62443 standards. It argues that traditional IT security approaches are insufficient for OT and promotes a threat-based control framework tailored to Purdue PERA architectures and various safety-system configurations. A key contribution is a 27-item set of threat-based security controls, derived from mapping TTPs across initial access, movement, and impact, with guidance on implementation and testing. The work also surveys ICS testbeds and advocates for future research that leverages larger threat datasets and automated analyses to validate and refine defenses in realistic environments.

Abstract

This paper analyzes the reported threats to Industrial Control Systems (ICS)/Operational Technology (OT) and identifies common tactics, techniques, and procedures (TTP) used by threat actors. The paper then uses the MITRE ATT&CK framework to map the common TTPs and provide an understanding of the security controls needed to defend against the reported ICS threats. The paper also includes a review of ICS testbeds and ideas for future research using the identified controls.
Paper Structure (15 sections, 1 figure)

This paper contains 15 sections, 1 figure.

Figures (1)

  • Figure 1: Security Controls, Please note that to fit all the information inside the figure we had to use few abbreviations as follwos: **IEC stands for IEC 62443-3-3:2013 - SR …., IEC 62443-4-2:2019 - CR ... , For instance, IEC 1.1. stands for IEC 62443-3-3:2013-SR 1.1,IEC 62443-4-2:2019-CR 1.1 ***N stands for NIST SP 800-53 Rev. 4, For example, NAC-3 stands for NIST SP 800-53 Rev. 4 - AC-3.