Cyber Attack Scenario Generation Method for Improving the Efficient of Security Measures in Industrial Control Systems

Abstract

Risk analysis based on attack scenarios is useful for security measures in ICS (Industrial Control System). However, the generation of attack scenarios requires a lot of time and effort from ICS and security experts. To make this generation efficient, a systematic method for generating attack scenarios is needed. Therefore, the purpose of this study is to establish a method that simplifies the construction of attack models and enables the comprehensive generation of scenarios that are concrete and useful for risk analysis. In this study, we proposed a model that assigns security countermeasure attributes to devices and networks in ICS modelling, and attack techniques analysis and attack path generation algorithms using these models. The proposed method can achieve efficient risk analysis in an ICS environment without making other security countermeasure processes inefficient.