A threat model method for ICS malware: The TRISIS case

Bernieri G.; Conti M.
2021

Abstract

Cyber-physical attacks against plants and Critical Infrastructures (CIs) are among the most significant concerns in the 21st century and can lead to devastating consequences. In particular, with the convergence between the Operational Technology (OT) network and the traditional IT network, malware threats for Industrial Control Systems (ICSs) are gradually increasing. In these scenarios, we need to identify potential cyber threats by developing innovative modeling techniques. However, existing malware-based cyber threat modeling techniques are not fully designed for industrial environments. In this paper, we present a threat modeling framework for Industrial Control Systems malware across two different levels: the Extraction Level and the Modeling Level. We evaluate the effectiveness of our model by analyzing the TRISIS cyber attack as a use case, a complex malware developed to cause operational disruption to industrial plants. Our solution outperforms existing malware threat modeling techniques for the ICS environment, and provides useful mitigation strategies to counter malicious activities.
Proceedings of the 18th ACM International Conference on Computing Frontiers 2021, CF 2021
18th ACM International Conference on Computing Frontiers 2021, CF 2021
9781450384049
Use this identifier to cite or link to this document: https://hdl.handle.net/11577/3402950
Citations
  • PMC ND
  • Scopus 12
  • ISI 8
  • OpenAlex ND