Work-in-Progress: Attack Scenarios (title not shown in full)

This presentation is part of the Works-in-Progress session, which aims to provide authors with early feedback to adjust on-going research. Manuscript titles are redacted until the work has been published.

Industrial Control Systems (ICS) are a highly valuable target for cyber attacks. The number of cyber attacks on ICS is growing every year and, with each major attack, the impact is becoming more severe. The damage of such attacks directly transfers into the physical operations and results in higher average economic impact. Recent cyber attacks have shown that a single average attack can reach tens of millions of USD. Realistic attack scenarios will allow to study real-life cyber attacks in a contained environment and develop defences, capable of detecting advanced threat actors. Common scenarios against which defences can be evaluated and compared. This is a work-in-progress paper, that presents ongoing research, aimed at understanding the attack paths, including paths of least resistance, and generating real-life reference scenarios for the cyber attackers of different skillset breaching the industrial networks. The research goal is to create a capacity to generate a range of realistic scenarios with specific conditions, nuances, and constraints, such as the shortest path, least cost, most impact, etc. Generated attacks cover already existing attacks and the attacks that have never happened before but are possible.

Stanislav Abaimov is a research associate at the Department of Computer Science, University of Bristol. He received a PhD in Cyber Security and Electronic Engineering from the University of Rome, Tor Vergata; and earned a degree of MSc in Information Security at the Royal Holloway, University of London. Stanislav’s research area is related to the security of industrial control systems and machine learning application for cyber defence.

Joseph Gardiner is a Research Associate as part of the Bristol Cyber Security Group at the University of Bristol. His research covers the security of cyber physical systems, with a focus on industrial control systems and IIoT. His primary areas of focus are attack discovery within ICS, asset discovery in OT networks and digital forensics in industrial devices. He is also currently working towards a PhD at Lancaster University with a focus on security in software defined networks.