DOI: 10.1145/3465481.3470023
Research article, ARES Conference Proceedings

An Indicators-of-Risk Library for Industrial Network Security

Published: 17 August 2021

Abstract

This paper introduces an “Indicator of Risk (IoR) Library” that leverages the MITRE ATT&CK for Industrial Control Systems (ICS) knowledge base to support continuous risk monitoring. It also allows variables that are already being monitored to be used for analysing risks on a continuous basis. IoRs broaden the concept of Indicators of Compromise by combining detection strategies with probabilistic inference as a tool for quantifying cyber-security risks. The latest version of the Library has 95 IoRs; it has been reviewed by professionals from three major companies and cross-referenced against detection use cases implemented by other researchers to validate its potential for identifying variables for monitoring cyber-risks in ICS.



Published In

ARES '21: Proceedings of the 16th International Conference on Availability, Reliability and Security
August 2021
1447 pages
ISBN: 9781450390514
DOI: 10.1145/3465481

Publisher

Association for Computing Machinery, New York, NY, United States

Conference

ARES 2021

Acceptance Rates

Overall Acceptance Rate: 228 of 451 submissions, 51%
