A method for threat modelling of industrial control systems

Abstract

In this paper, we propose a new method for threat modelling of industrial control systems (ICS). The method is designed to be flexible and easy to use. Model elements inspired by IEC 62443 and Data Flow Diagrams (DFD) are used to create a model of the ICS under consideration. Starting from this model, threats are identified by investigating how the confidentiality, integrity and availability of different functions in the ICS can be attacked. Finally, threats are prioritised and mitigations are proposed for those threats that are not accepted by the ICS owner. We briefly illustrate the use of the method on a simplified and fictitious power grid secondary substation case.

Client

Research Council of Norway (RCN) / 257626

Language

English

Author(s)

Lars Flå
Martin Gilje Jaatun

Affiliation

SINTEF Digital / Software Engineering, Safety and Security

Year

2024

Publisher

Springer

Book

Proceedings of the International Conference on Cybersecurity, Situational Awareness and Social Media: Cyber Science 2023; 03–04 July; University of Aalborg, Copenhagen, Denmark

Issue

ISBN

978-981-99-6974-6

Page(s)

221 - 234

External resources

https://jaatun.no/papers/2023/a%20method%20for%20threat%20modelling%20of%20industrial.pdf

DOI

https://doi.org/10.1007/978-981-99-6974-6_13

View this publication at Cristin

Contact us

Our services

Career

Sustainability

Management and board

Institutes

Other units

About us

Follow us