[KSCI] Korea Science Citation Index Service

http://dx.doi.org/10.4218/etrij.2021-0181

STRIDE-based threat modeling and DREAD evaluation for the distributed control system in the oil refinery

Kyoung Ho Kim (CISO Organization, S-OIL Corporation)
Kyounggon Kim (Center of Excellence in Cybercrime and Digital Forensics, Naif Arab University for Security Sciences)
Huy Kang Kim (School of Cybersecurity, Korea University)

Publication Information

ETRI Journal / v.44, no.6, 2022 , pp. 991-1003 More about this Journal

Abstract

Industrial control systems (ICSs) used to be operated in closed networks, that is, separated physically from the Internet and corporate networks, and independent protocols were used for each manufacturer. Thus, their operation was relatively safe from cyberattacks. However, with advances in recent technologies, such as big data and internet of things, companies have been trying to use data generated from the ICS environment to improve production yield and minimize process downtime. Thus, ICSs are being connected to the internet or corporate networks. These changes have increased the frequency of attacks on ICSs. Despite this increased cybersecurity risk, research on ICS security remains insufficient. In this paper, we analyze threats in detail using STRIDE threat analysis modeling and DREAD evaluation for distributed control systems, a type of ICSs, based on our work experience as cybersecurity specialists at a refinery. Furthermore, we verify the validity of threats identified using STRIDE through case studies of major ICS cybersecurity incidents: Stuxnet, BlackEnergy 3, and Triton. Finally, we present countermeasures and strategies to improve risk assessment of identified threats.

Keywords

countermeasures; distributed control system(DCS); DREAD; industrial control system(ICS); network; operation technology(OT); STRIDE; threat modeling;

Citations & Related Records

Times Cited By KSCI : 1 (Citation Analysis)

Reference
Cited By KSCI

1	K. Kim, K. Cho, J. Lim, Y. H. Jung, M. S. Sung, S. B. Kim, and H. K. Kim, What's your protocol: Vulnerabilities and security threats related to z-wave protocol, Pervasive Mobile Comput. 66 (2020), 101211.
2	M. Yampolskiy, P. Horvath, X. D. Koutsoukos, Y. Xue, and J. Sztipanovits, Systematic analysis of cyber-attacks on cpsevaluating applicability of dfd-based approach, (5th International Symposium on Resilient Control Systems, Salt Lake, UT, USA), 2012, pp. 55-62.
3	PAS Ralston, J. H. Graham, and J. L. Hieb, Cyber security risk assessment for scada and dcs networks, ISA Trans. 46 (2007), no. 4, 583-594. DOI
4	Y. Cherdantseva, P. Burnap, A. Blyth, P. Eden, K. Jones, H. Soulsby, and K. Stoddart, A review of cyber security risk assessment methods for scada systems, Comput. Secur. 56 (2016), 1-27. DOI
5	Y. Cherdantseva and J. Hilton, A reference model of information assurance & security, (International Conference on Availability, Reliability and Security), 2013, pp. 546-555.
6	A. Shostack, Threat modeling: designing for security, John Wiley & Sons, 2014.
7	A. Shostack, Experiences threat modeling at microsoft, MODSEC@ MoDELS 2008 (2008), 35.
8	P. D. Curtis and N. Mehravari, Evaluating and improving cybersecurity capabilities of the energy critical infrastructure, (IEEE International Symposium on Technologies for Homeland Security, Waltham, MA, USA), 2015, pp. 1-6.
9	R. Langner, Stuxnet: dissecting a cyberwarfare weapon, IEEE Sec. Privacy 9 (2011), no. 3, 49-51. DOI
10	D. U. Case, Analysis of the cyber attack on the ukrainian power grid, Electr. Inform. Shar. Anal. Center (E-ISAC) 388 (2016), 1-29.
11	M. Geiger, J. Bauer, M. Masuch, and J. Franke, An analysis of black energy 3, crashoverride, and trisis, three malware approaches targeting operational technology systems, (25th IEEE International Conference on Emerging Technologies and Factory Automation, Vienna, Austria), 2020, pp. 1537-1543.
12	A. Di Pinto, Y. Dragoni, and A. Carcano, TRITON: the first ICS cyber attack on safety instrument systems, (Proc. Black Hat USA), vol. 2018, 2018, pp. 1-26.
13	Fortinet, 2020 state of operational technology and cybersecurity report, 2020. Available from: https://www.fortinet.com/content/dam/fortinet/assets/analyst-reports/report-state-ofoperational-technology.pdf [last accessed May 2021].
14	C. Stevens, Assembling cybersecurity: the politics and materiality of technical malware reports and the case of stuxnet, Contemp. Sec. Policy 41 (2020), no. 1, 129-152. DOI
15	G. Sindre and A. L. Opdahl, Eliciting security requirements with misuse cases, Require. Eng. 10 (2005), no. 1, 34-44. DOI
16	E. G. Amoroso, Fundamentals of computer security technology, Prentice-Hall, Inc., 1994.
17	B. Schneier, Attack trees, Dr. Dobb's J. 24 (1999), no. 12, 21-29.
18	L. Kohnfelder and P. Garg, The threats to our products, Microsoft Interf. Microsoft Corp. 33 (1999).
19	F. Swiderski and W. Snyder, Threat modeling, Microsoft Press, 2004.
20	B. Gates, Trustworthy computing, 2002. Available from: https://www.wired.com/2002/01/bill-gates-trustworthycomputing/ [last accessed May 2021].
21	C. Alberts, A. Dorofee, J. Stevens, and C. Woody, Introduction to the octave approach, Tech. report. Carnegie-Mellon Univ. Pittsburgh Software Engineering Inst, 2003.
22	M. Schiffman, A. Wright, D. Ahmad, and G. Eschelbeck, The common vulnerability scoring system, National Infrastructure Advisory Council, Vulnerability Disclosure Working Group, Vulnerability Scoring Subgroup, 2004.
23	N. R. Mead, F. Shull, K. Vemuru, and O. Villadsen, A hybrid threat modeling method, Technical Report-CMU/SEI-2018-TN002, Carnegie MellonUniversity-Software Engineering Institute, 2018.
24	B. Potteiger, G. Martins, and X. Koutsoukos, Software and attack centric integrated threat modeling for quantitative risk assessment, (Proceedings of the Symposium and Bootcamp on the Science of Security, New York, NY, USA), 2016, pp. 99-108.
25	P. Saitta, B. Larcom, and M. Eddington, Trike v. 1 methodology document [draft], 2005. URL: http://dymaxion.org/trike/Trikev1MethodologyDocumentdraftpdf
26	B. Beyst, Which threat modeling method. threatmodeler, Apr. 2016. Available from: https://threatmodeler.com/threatmodeling-methodologies-vast/ [last accessed May 2022].
27	T. UcedaVelez and M. M. Morana, Risk centric threat modeling, Wiley Online Library, 2015.
28	klockwork, Threat modeling for secure embedded software, 2011.
29	T. A. Kletz, Hazop and hazan: Identifying and assessing process industry hazards, IChemE, 1999.
30	T. Denning, B. Friedman, and T. Kohno, Security and privacy threat discovery cards, 2013. Available from: http:// securitycards.cs.washington.edu/assets/security-cards-deckwith-croplines.pdf [last accessed May 2022].
31	K. Wuyts and W. Joosen, Linddun privacy threat modeling: A tutorial, Technical Report (CW Reports), vol. C685, (Department of Computer Science, KU Leuven), 2015.
32	N. Shevchenko, B. R. Frye, and C. Woody, Threat modeling for cyber-physical system-of-systems: Methods evaluation. Tech. report. Carnegie Mellon University Software Engineering Institute Pittsburgh United, 2018.
33	E. A. AbuEmera, H. A. ElZouka, and A. A. Saad, Security framework for identifying threats in smart manufacturing systems using stride approach, (2nd International Conference on Consumer Electronics and Computer Engineering, Guangzhou, China), 2022, pp. 605-612.
34	Cybersecurity & Infrastructure Security Agency (CISA), Ics-cert website. Available from: https://us-cert.cisa.gov/ics [last accessed May 2021].
35	NIST, Nist cybersecurity framework, 2017. Available from: https://www.nist.gov/cyberframework [last accessed May 2021].
36	K. Stouffer, J. Falco, and K. Scarfone, Sp 800-82 rev. 2, Guide Industr. Contr. Syst. (ICS) Sec. NIST 2 (2015), no. 3, 5.
37	Australian Cyber Security Centre (ACSC), Cert australia. Available from: https://www.cyber.gov.au/ [last accessed May 2021].
38	R. Khan, K. McLaughlin, D. Laverty, and S. Sezer, Stride-based threat modeling for cyber-physical systems, (IEEE PES Innovative Smart Grid Technologies Conference Europe, Turin, Italy), 2017, pp. 1-6.
39	K. K. Gon and K. S. Hoon, Using threat modeling for risk analysis of smarthome, (Proceedings of Symposium of the Korean Institute of Communications and Information Sciences), 2015, pp. 378-379.