Litcius/Paper detail

STRIDE-based Methodologies for Threat Modeling of Industrial Control Systems: A Review

Olaf Saßnick, Thomas Rosenstatter, Christian Schäfer, Stefan Huber

202415 citationsDOI

Abstract

Industrial Control Systems (ICS) and Operational Technology (OT) in general are facing significantly increasing numbers of cyber attacks. Hence, threat identification is of utmost importance for their security architecture. The STRIDE methodology is well known for threat identification in the software domain, yet in recent years it has also been applied in other domains, such as Internet of Things, automotive or ICS. But OT domains are fundamentally different to IT by exhibiting unique characteristics such as high reliability, strict safety requirements or unique physical attack risks. Threat assessment thus needs to be adapted. This paper reviews STRIDE-based threat modeling approaches in that respect and provides a first step towards the overarching goal of establishing a common STRIDE-based methodology for threat modeling for ICS.

Topics & Concepts

STRIDEComputer scienceControl (management)Computer securityArtificial intelligenceSmart Grid Security and ResilienceAdvanced Malware Detection TechniquesInformation and Cyber Security