Vision: security-usability threat modeling for industrial control systems

Abstract

Industrial Control System (ICS) that run large-scale systems such as water, power and manufacturing are increasingly in focus given high profile attacks against such infrastructures. These systems are connected to IT systems and the Internet, the intersections of their users – typically control systems engineers and operators – with security requirements and systems add to the complexity of the threats faced by these environments. The challenges of usable security in IT systems have been studied extensively, including work on security-usability threat modeling (i.e. lack of usability exacerbating security issues). However, no work has examined similar challenges within ICS settings where, in addition to the regular requirements of information confidentiality, information integrity and information availability, requirements such as processsafety, processintegrity and processreliability are paramount for the users. Using the case of a Programmable Logic Controller (PLC), we detail the workflow that the user undertake for a security task. We analyze this workflow using STRIDE, an established threat modeling approach. We then map the threats against an existing security-usability threat model for IT systems whilst also taking into account the specific process-related requirements critical to ICS users. We then derive an initial security-usability threat model for ICS as a first step towards further work in this regard.

Read the full paper here ›