Threat-based Security Controls to Protect Industrial Control Systems
Haritha Srinivasan, Maryam Karimi
TL;DR
The paper addresses the growing threat landscape for ICS/OT environments by analyzing adversary TTPs and mapping them to MITRE ICS ATT&CK, complemented by ISA/IEC 62443 standards. It argues that traditional IT security approaches are insufficient for OT and promotes a threat-based control framework tailored to Purdue PERA architectures and various safety-system configurations. A key contribution is a 27-item set of threat-based security controls, derived from mapping TTPs across initial access, movement, and impact, with guidance on implementation and testing. The work also surveys ICS testbeds and advocates for future research that leverages larger threat datasets and automated analyses to validate and refine defenses in realistic environments.
Abstract
This paper analyzes the reported threats to Industrial Control Systems (ICS)/Operational Technology (OT) and identifies common tactics, techniques, and procedures (TTP) used by threat actors. The paper then uses the MITRE ATT&CK framework to map the common TTPs and provide an understanding of the security controls needed to defend against the reported ICS threats. The paper also includes a review of ICS testbeds and ideas for future research using the identified controls.
