The Top 20 Cyber Attacks on Industrial Control Systems

  • Conference Program
  • Cybersecurity
  • April 9, 2019
  • 9:10 am - 9:55 am

This presentation reviews the top twenty cyberattack classes for industrial control systems and evaluates three different security postures against these attacks: a first-generation IT-inspired ICS security program from best-practice guidance circa 2003-2013, an upgrade to that program to accommodate an Industrial Internet of Things deployment, and an updated design reflecting modern, best-practice ICS security advice.

Business decision makers are often reluctant to allocate funds to defend against low-frequency, high-impact (LFHI) attacks on the basis of subjective, qualitative risk assessments or hypothetical probabilities. A spectrum of attacks is shown to be a useful tool for explaining the consequences and benefits of existing vs. proposed security postures. A spectrum of specific attacks suggests a specific answer to the question “what is the simplest attack with serious consequences that our current security posture does not defeat reliably?”