RRDD: An ATT&CK-based ICS Network Security Risk Assessment Method

RRDD: An ATT&CK-based ICS Network Security Risk Assessment Method

연구 분야: Infrastructure

학회: CNCIT '23: Proceedings of the 2023 2nd International Conference on Networks, Communications and Information Technology

The current network security situation of industrial control systems is becoming increasingly severe, and the ICS ATT&CK framework provides a unified knowledge base for attack tactics and techniques for industrial control system network security. This paper presents a RRDD model for network security risk assessment of ICS, which consists of four parts: Risk identification (R), Risk calculation (R), Defense strategy (D), and Defense measures (D). Risk identification is based on the ICS ATT&CK to analyze the network security risk assessment indicators of the ICS, to clarify the vulnerability of the industrial control system, the importance of assets, the threats faced and the existing mitigation measures. Risk calculation is based on the analysis results of risk assessment indicators, establishing a comparative judgment matrix to analyze the relative importance of each indicator, calculating the weight of each indicator, and calculating and grading the overall risk of ICS. Furthermore, the model adopts corresponding safety control strategies and measures based on the risk calculation results, and conducts closed-loop risk assessment and elimination. It can effectively evaluate and disposal the network security risks in ICS.