Abstract:
Modern-day industries are complex socio-technical entities. Understanding the risks associated with the operation of such systems requires proper consideration of budget constraints, security expertise and evaluating the effects of legacy services. A relatively newer and unorthodox form of cyber-attacks against such systems are Advanced Persistent Threats (APTs). APTs are resourceful and strategic, aiming at maximum damage by stalling critical services and stealing sensitive information. In this article, we demonstrate how attack trees can be used as a common language to model APT attacks in a practitioner-friendly manner. We do so by modelling three prominent APT attacks, namely Stuxnet, Blackenergy and Triton. Each attack is described in a systematic and structured way following the attack tree modelling language. We show that, because attack trees are compositional models, one can reuse them to model other complex attack scenarios. We illustrate this compositional feature by modelling attacks on an industrial oil-pipeline.