Please use this identifier to cite or link to this item:
http://dspace.bits-pilani.ac.in:8080/jspui/handle/123456789/8383
Title: | APT attacks on industrial control systems: A tale of three incidents |
Authors: | Kumar, Rajesh |
Keywords: | Computer Science Threat modelling Stuxnet Triton Cyber security risk management Advanced Persistent threats |
Issue Date: | Jul-2022 |
Publisher: | Springer |
Abstract: | Modern-day industries are complex socio-technical entities. Understanding the risks associated with the operation of such systems requires proper consideration of budget constraints, security expertise and evaluating the effects of legacy services. A relatively newer and unorthodox form of cyber-attacks against such systems are Advanced Persistent Threats (APTs). APTs are resourceful and strategic, aiming at maximum damage by stalling critical services and stealing sensitive information. In this article, we demonstrate how attack trees can be used as a common language to model APT attacks in a practitioner-friendly manner. We do so by modelling three prominent APT attacks, namely Stuxnet, Blackenergy and Triton. Each attack is described in a systematic and structured way following the attack tree modelling language. We show that, because attack trees are compositional models, one can reuse them to model other complex attack scenarios. We illustrate this compositional feature by modelling attacks on an industrial oil-pipeline. |
URI: | https://www.sciencedirect.com/science/article/pii/S1874548222000129 http://dspace.bits-pilani.ac.in:8080/xmlui/handle/123456789/8383 |
Appears in Collections: | Department of Computer Science and Information Systems |
Files in This Item:
There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.