Efficient Industrial Control Systems risk assessment using the attack path to the critical device

Abstract

In cyberattacks against Industrial Control Systems (ICS), one of the final goals of attackers is to impair ICS operations. Recent ICS tend to be connected with other networks and are often implemented with common technologies in order to increase production efficiency and reduce costs. This leads to the creation of new attack surfaces that increase the cyber risks of these systems. Although preventing system intrusion without fault could be difficult, if attacks can be prevented at an early stage before they reach the physical world, damage can be minimized. Thus, appropriate cybersecurity risk assessment methods for ICS are necessary. ICS risk assessment methods proposed in previous research require more time to administer, and they heavily depend on the analysts’ particular expertise and skill to efficiently examine attack scenarios and attack paths. In this research, we propose an efficient quantitative risk assessment method to evaluate the risk of possible attacks on critical ICS devices. This method uses packet capture data in the ICS network to automatically enumerate possible attack paths and calculates the risk level of each attack path. It then comprehensively evaluates the risk level of an entire ICS by utilizing multiple metrics such as the severity of vulnerabilities that exist in specific devices or communication methods, security measures that have been taken, and the features of the attack paths to the critical devices.