Evidence-Based Threat Modeling for ICS
Can Ozkan, Dave Singelee

TL;DR
This paper introduces an evidence-based threat modeling methodology for ICS that leverages CVE and CWE data to systematically identify threats, addressing gaps in existing approaches by providing a comprehensive and practical tool.
Contribution
The paper presents a novel, systematic threat modeling approach for ICS using CVE-CWE pairs, implemented as a practical tool for real-world applications.
Findings
Successfully applied to a typical SCADA system
Generated a comprehensive threat list for ICS
Demonstrated practicality and applicability in real-world settings
Abstract
ICS environments are vital to the operation of critical infrastructure such as power grids, water treatment facilities, and manufacturing plants. However, these systems are vulnerable to cyber attacks due to their reliance on interconnected devices and networks, which could lead to catastrophic failures. Therefore, securing these systems from cyber threats becomes paramount. In this context, threat modeling plays an essential role. Despite the advances in threat modeling, the fundamental gap in the state of the art is the lack of a systematic methodology for identifying threats in ICS comprehensively. Most threat models in the literature (i) rely on expert knowledge, (ii) only include generic threats such as spoofing, tampering, etc., and (iii) offer threats that are not comprehensive enough for the systems in question. To overcome these limitations, we propose a novel evidence-based…
Taxonomy
Topics: Information and Cyber Security · Network Security and Intrusion Detection · Advanced Malware Detection Techniques
