STRIDE-based threat modeling and DREAD evaluation for the distributed control system in the oil refinery

  • Kyoung Ho, Kim (CISO Organization, S-OIL Corporation)
  • Kyounggon, Kim (Center of Excellence in Cybercrime and Digital Forensics, Naif Arab University for Security Sciences)
  • Huy Kang, Kim (School of Cybersecurity, Korea University)
  • Received : 2021.06.02
  • Accepted : 2022.06.23
  • Published : 2022.12.10

Abstract

Industrial control systems (ICSs) used to be operated in closed networks, that is, physically separated from the Internet and corporate networks, and each manufacturer used its own independent protocols. Thus, their operation was relatively safe from cyberattacks. However, with recent advances in technologies such as big data and the Internet of Things, companies have been trying to use data generated from the ICS environment to improve production yield and minimize process downtime. Thus, ICSs are being connected to the Internet or corporate networks. These changes have increased the frequency of attacks on ICSs. Despite this increased cybersecurity risk, research on ICS security remains insufficient. In this paper, we analyze threats in detail using STRIDE-based threat modeling and DREAD evaluation for distributed control systems, a type of ICS, based on our work experience as cybersecurity specialists at a refinery. Furthermore, we verify the validity of the threats identified using STRIDE through case studies of major ICS cybersecurity incidents: Stuxnet, BlackEnergy 3, and Triton. Finally, we present countermeasures and strategies to improve risk assessment of the identified threats.

Acknowledgement

This research was supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2021-0-00624, Development of Intelligence Cyber Attack and Defense Analysis Framework for Increasing Security Level of C-ITS) and Security Research Center of Naif Arab University for Security Sciences, under grant agreement No. SRC-PR2-05.
