Legacy ICS Cybersecurity Assessment Using Hybrid Threat Modeling—An Oil and Gas Sector Case Study
As security breaches are increasingly widely reported in today’s culture, cybersecurity is gaining attention on a global scale. Threat modeling methods (TMM) are a proactive security practice that is essential for pinpointing risks and limiting their impact. This paper proposes a hybrid threat model...
| Main Authors: | Mohamed Badawy, Nada H. Sherief, Ayman A. Abdel-Hamid |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | MDPI AG, 2024-09-01 |
| Series: | Applied Sciences |
| Subjects: | threat modeling; Operational Technology (OT); Industrial Control Systems (ICS); oil and gas cyber threats; cybersecurity; STRIDE |
| Online Access: | https://www.mdpi.com/2076-3417/14/18/8398 |

| _version_ | 1850259055947284480 |
|---|---|
| author | Mohamed Badawy; Nada H. Sherief; Ayman A. Abdel-Hamid |
| collection | DOAJ |
| description | As security breaches are increasingly widely reported in today’s culture, cybersecurity is gaining attention on a global scale. Threat modeling methods (TMM) are a proactive security practice that is essential for pinpointing risks and limiting their impact. This paper proposes a hybrid threat modeling framework based on system-centric, attacker-centric, and risk-centric approaches to identify threats in Operational Technology (OT) applications. OT is made up of software and hardware used to manage, secure, and control industrial control systems (ICS), and its environments include factories, power plants, oil and gas refineries, and pipelines. To visualize the “big picture” of its infrastructure risk profile and improve understanding of the full attack surface, the proposed framework builds on several threat modeling methodologies: PASTA modeling, STRIDE, and attack tree components. Nevertheless, the continuity and stability of vital infrastructure will continue to depend heavily on legacy equipment. Thus, protecting the availability, security, and safety of industrial environments and vital infrastructure from cyberattacks requires operational technology (OT) cybersecurity. The feasibility of the proposed approach is illustrated with a case study from a real oil and gas production plant control system where numerous significant cyberattacks in recent years have targeted OT networks more frequently as hackers realized the possibility of disruption due to insufficient OT security, particularly for outdated systems. The proposed framework achieved better results in detecting threats and severity in the design of the case study system, helping to increase security and support cybersecurity assessment of legacy control systems. |
| format | Article |
| id | doaj-art-03cb888d494a4dd3bf0bc1ee6e7fadb9 |
| institution | OA Journals |
| issn | 2076-3417 |
| language | English |
| publishDate | 2024-09-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Applied Sciences |
| spelling | doaj-art-03cb888d494a4dd3bf0bc1ee6e7fadb9; 2025-08-20T01:55:58Z; eng; MDPI AG; Applied Sciences; 2076-3417; 2024-09-01; 14; 18; 8398; 10.3390/app14188398; Legacy ICS Cybersecurity Assessment Using Hybrid Threat Modeling—An Oil and Gas Sector Case Study; Mohamed Badawy, Nada H. Sherief, Ayman A. Abdel-Hamid (all three authors: College of Computing and Information Technology, Arab Academy for Science, Technology and Maritime Transport, Alexandria P.O. Box 1029, Egypt); https://www.mdpi.com/2076-3417/14/18/8398; threat modeling; Operational Technology (OT); Industrial Control Systems (ICS); oil and gas cyber threats; cybersecurity; STRIDE |
| title | Legacy ICS Cybersecurity Assessment Using Hybrid Threat Modeling—An Oil and Gas Sector Case Study |
| topic | threat modeling; Operational Technology (OT); Industrial Control Systems (ICS); oil and gas cyber threats; cybersecurity; STRIDE |
| url | https://www.mdpi.com/2076-3417/14/18/8398 |