Threat Modeling and Reasoning for Industrial Control System Assets

Abstract

With the evolution of the industry from automation to intelligence, the control, and management of industry have gradually become intelligent and simple, and the Industrial Internet of Things has emerged. The most important industrial control system in the industrial Internet of Things has improved the control efficiency of managers to deal with emergencies, but it also makes hackers available. To improve the response-ability of the industrial control system to attack, a threat modeling and reasoning base on industrial control system assets is proposed. The model constructs the asset structure of the industrial control system through the description of assets and the Purdue model in A TT &CK, and then establishes a threat model through attackers and the consequences of attackers. Thus, it can effectively deal with the attack of the attacker. On this basis, the asset security ontology of the industrial control system(ASOICS) is constructed and based on ASOICS, the asset security inference rules under ICS are designed. The semantic relationship between asset security of industrial control system is established by using the expression ability of ontology which can improve the response speed of security personnel to ICS attacks. Finally, this method is applied to the real industrial control system attack case scenario for analysis, and the attack and assets are mapped to the knowledge map. The potential risks and actual attack scenarios of the attacked assets are successfully detected, which proves the effectiveness of the proposed method.