Abstract

When protecting the Industrial Control Systems against cyber attacks, it is important to have as much information as possible to allocate defensive resources properly. In this paper we estimate the Time-To-Compromise of different Industrial Control Systems attack techniques by MITRE ATT&CK. The Time-To-Compromise is estimated using an equation that takes into consideration the vulnerability data that exists for a specific asset and category of vulnerability. The vulnerability data is derived from an Industrial Control Systems specific vulnerability dataset. As a result, we present the mapping of the attack techniques to assets and categories of vulnerability, which makes it possible to apply specific vulnerabilities to the technique. We also present the method of how to estimate the Time-To-Compromise of the techniques and finally the values of Time-To-Compromise. After mapping the attack techniques to assets and category of vulnerability we are able to estimate the Time-To-Compromise and discuss its trustworthiness.

Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
An Open-Source Testbed to Visualise ICS Cybersecurity Weaknesses and Remediation Strategies – A Research Agenda Proposal
Conrad Ekisa ... Yvonne Kavanagh
-
Conrad Ekisa, et. al.Conrad Ekisa ... Yvonne Kavanagh
10 Jun 2021
Deceptive Patch Solutions for Protecting Industrial Control Systems Based on Discovered Vulnerabilities
Özlem Batur Dinler
Türk Doğa ve Fen Dergisi | VOL. 13
Özlem Batur DinlerÖzlem Batur Dinler
26 Mar 2024
Identification and application of security measures for petrochemical industrial control systems
H.M Leith ... John W Piper
Journal of Loss Prevention in the Process Industries | VOL. 26
H.M Leith, et. al.H.M Leith ... John W Piper
23 Oct 2013
Deep Packet Inspection in Industrial Automation Control System to Mitigate Attacks Exploiting Modbus/TCP Vulnerabilities
Osborn N Nyasore ... Pavol Zavarsky
-
Osborn N Nyasore, et. al.Osborn N Nyasore ... Pavol Zavarsky
01 May 2020
View more papers

More From: SN Computer Science

Paper Title
Journal
Date
Author
Real-World Asset Identity Authentication in Blockchain Enabled Inter-Organizational Process-Aware Systems Involving Adjustable Challenge-Response Evaluation Sets
Alexander Norta ... Stefan Craß
SN Computer Science | VOL. -
Alexander Norta, et. al.Alexander Norta ... Stefan Craß
05 Oct 2024
Text Conditioned Generative Adversarial Networks Generating Images and Videos: A Critical Review
Rayeesa Mehmood ... Kaiser J Giri
SN Computer Science | VOL. -
Rayeesa Mehmood, et. al.Rayeesa Mehmood ... Kaiser J Giri
05 Oct 2024
DualSRA-Net: A Dual Squeezed Residual Network with Attentive Multi-scale Featuring for Different Medical Images Segmentation Tasks
Eman M Elmeslimany ... Doaa A Altantawy
SN Computer Science | VOL. -
Eman M Elmeslimany, et. al.Eman M Elmeslimany ... Doaa A Altantawy
04 Oct 2024
Enhanced Phishing Website Detection Using Dual-Layer CNN and GRU with Attention Mechanism and Lexical NLP Features
Santosh Kumar Birthriya ... Ankit Kumar Jain
SN Computer Science | VOL. -
Santosh Kumar Birthriya, et. al.Santosh Kumar Birthriya ... Ankit Kumar Jain
03 Oct 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.