Abstract
Critical infrastructures in general and Industry Control Systems (ICS) in particular need specific protection. For instance, Advanced Persistent Threats (APT) are a well-known modus operandi of attackers to penetrate enterprise IT systems with the consequence of a severely disrupt production. The typical arms race leads to new, updated attack vectors (https://thehackernews.com/2022/07/hackers-distributing-password-cracking.html.). Hence critical infrastructures in general are vulnerable, and consequently our society, too. In this paper we propose an approach in the scope of ICS, which chains Cyber Threat Intelligence with the spatiotemporal analytical capabilities of a Geographic Information System (GIS). Our goal is an improved defense approach addressing the risk that a cyber-physical attack disrupts parts of the critical infrastructure. We furthermore quantify the threat and the extent of potential effects by providing reliable data on the expected level of risk/damage. Our approach of interlinking Cyber Threat Intelligence, incident response, and GIS operational models is evalutated using a prototype within a sample use case. For the implementation of the prototype, market-available products are used such as the Security Information and Event Management (SIEM) of the company LogPoint, the GIS of the company Esri and the MITRE ATT &CK framework. Our work shows how critical infrastructure protection can be improved through the optimized concatenation of existing procedures and technologies to make available knowledge actionable for defense. Our solution offers a unique starting point to combine the existing knowledge of Cyber Threat Intelligence with the knowledge of operational processes of critical infrastructures and put it at the service of the defender.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
References
Pascal Ackerman. Industrial Cybersecurity, Second Edition, Efficiently monitor the cybersecurity posture of your ICS environment. Number ISBN 978-1-80020-209-2. Packt (2021)
Alcaraz, C., Lopez, J.: A comprehensive survey of security threats. IEEE Commun. Surv. Tutorials, Digital twin (2022)
Alexander, O., Belisle, M., Steele, J.: Mitre att &ck for industrial control systems: Design and philosophy. MITRE Cooperation. https://attack.mitre.org/docs/ATTACK_Design_and_Philosophy_March_2020.pdf
Choi, S., Choi, J., Yun, J.-H., Min, B.-G., Kim, H.C.:. Expansion of ICS testbed for security validation based on MITRE ATT &CK Techniques (2021). https://www.usenix.org/system/files/cset20-paper-choi.pdf
Mitre Corporation. Ticket: 473822, incident: tangerine yellow (2019). https://attack.mitre.org/docs/training-cti/ticket-473822
Fire Eye and Mitre.org. Apt39: an iranian cyber espionage group focused on personal information (2019). https://attack.mitre.org/docs/training-cti/FireEye
Gritzalis, D., Theocharidou, M., Stergiopoulos, G.: Critical infrastructure security and resilience: theories, methods, tools and technologies - serie: advanced sciences and technologies for security applications (2019). https://link.springer.com/content/pdf/10.1007/978-3-030-00024-0.pdf
Federal Office for Information Security (BSI). Bsi-standard 200–2, it-grundschutz methodology - version 1.0 (2017). https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi-standard-2002_en_pdf.html?nn=128640
International Electronical Commission (IEC) International Standard Organization (ISO). Inf. Secur. Manage. (2013). https://www.iso.org/isoiec-27001-information-security.html
International Electronical Commission (IEC) International Standard Organization (ISO). Information technology - security techniques - code of practice for information security controls (2013). https://www.iso.org/isoiec-27001-information-security.html
International Electronical Commission (IEC) International Standard Organization (ISO). Information technology - security techniques - information security management systems - overview and vocabulary (2018). https://standards.iso.org/ittf/PubliclyAvailableStandards/c073906_ISO_IEC_27000_2018_E.zip
Jenkinson, A.: Ransomware and cybercrime (2022). https://www.taylorfrancis.com/books/mono/10.1201/9781003278214/ransomware-cybercrime-andrew-jenkinson
Kumara, N., Poon, V., Gupta, B.B., Goyal, M.K.: A novel framework for risk assessment and resilience of critical infrastructure towards climate change (2021). https://www.sciencedirect.com/science/article/abs/pii/S0040162520313585
LogPoint. Technical whitepaper - how logpoint uses mitre att &ck (20190. https://www.logpoint.com/en/resources/mitre-attack-framework/
Lykou, G., Anagnostopoulou, A., Gritzalis, D.: Smart airport cybersecurity: threat mitigation and cyber resilience controls (2018). https://www.mdpi.com/1424-8220/19/1/19
PR Newswire. Global xdr (extended detection and response) market report 2021: Vendors and end-users need to see beyond marketing claims (2021). https://eds.s.ebscohost.com/eds/detail/detail?vid=26 &sid=6bcfe3cb-db80-41c0-bcbf-6921d11a202d%40redis &bdata=Jmxhbmc9ZGUmc2l0ZT1lZHMtbGl2ZQ%3d%3dAN=202108111030PR.NEWS.USPR.IO71820 &db=bwh. (Visited 27 Oct 2021)
Security-Insider. Xdr - extended detection and response (2022). https://www.security-insider.de/xdr-extended-detection-and-response-d-626fe93eb2c58/
Electricity Information Sharing and Analysis Center (E-ISAC). Analysis of the cyber attack on the ukrainian power grid (2016). https://nsarchive.gwu.edu/sites/default/files/documents/3891751/SANS-and-Electricity-Information-Sharing-and.pdf
Stouffer, K., Pillitteri, V., Lightman, S., Abrams, M., Hahn, A.: Guide to industrial control systems (ICS) security, national institute of standards and technology (NIST) special publication 800–82 revision 2, us department of commerce (2015). https://dx.doi.org/10.6028/NIST.SP.800-82r2
Strom, B.E., Applebaum, A., Miller, D.P., Nickels, K.C., Pennington, A.G., Thomas, C.B.: Mitre att &ck: design and philosophy. MITRE Cooperation. https://attack.mitre.org/docs/ATTACK_Design_and_Philosophy_March_2020.pdf
Tariq, H., Sultan, S.: A secure interoperable API wrapper tunnel for integration of gisbased ics-iiot and digital twins in industry 4.0 clouds (2022). https://wseas.com/journals/computers/2022/a365105-015(2022).pdf
MITRE Engenuity Center for Threat informaed Defense. Design principles and methodology for the insider threat tactics, techniques and procedures knowledge base (2022). https://github.com/center-for-threat-informed-defense/insider-threat-ttp-kb/releases/download/v0.0.1/design-principles-and-methodology.pdf
Williams, T.J.: The purdue enterprise reference architecture (1993). https://www.sciencedirect.com/science/article/pii/S1474667017485326
Acknowledgments
Supported by Research Institute CODE of Universität der Bundeswehr München.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Mundt, M., Baier, H. (2023). Mapping Cyber-Physical Threats for Critical Infrastructures. In: Hämmerli, B., Helmbrecht, U., Hommel, W., Kunczik, L., Pickl, S. (eds) Critical Information Infrastructures Security. CRITIS 2022. Lecture Notes in Computer Science, vol 13723. Springer, Cham. https://doi.org/10.1007/978-3-031-35190-7_12
Download citation
DOI: https://doi.org/10.1007/978-3-031-35190-7_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-35189-1
Online ISBN: 978-3-031-35190-7
eBook Packages: Computer ScienceComputer Science (R0)