A Case Study for Cyber Incident Report in Industrial Control Systems
Author(s)
Ang, Kim Whatt Gary
Advisor
Madnick, Stuart
Abstract
In recent times, Cyber Incidents have increased in both frequency and complexity. They have originated from a wide range of actors, from lone individuals to well-resourced state-sponsored teams. These attackers have used a variety of tactics, techniques, and procedures (TTPs), from exploiting well-known vulnerabilities to navigating highly sophisticated zero-day pathways, in order to attack systems, sabotage critical services, commit financial crimes, and gather sensitive information for political gain.
Industrial Control Systems (ICSs) have been used in critical infrastructure sectors such as nuclear reactors for power generation. These ICSs have evolved to connect with the enterprise systems for centralized management, opening up new risks. The risks of ICS Cyber Incidents have been increasing, some of which have brought severe consequences. Although governments have classified these risks as a matter of national security, the successful prevention and mitigation of such incidents will increasingly depend on the ability of organizations to share cyber threat information and use it to improve their security posture.
New regulations, such as the Cyber Incident Reporting for Critical Infrastructure Act 2022 (CIRCIA), emphasize the need and urgency of reporting relevant details of a Cyber Incident. These reports will allow the relevant authorities (e.g. Cybersecurity and Infrastructure Security Agency (CISA)) to spot trends and quickly share critical information with network defenders to warn other potential victims. Can organizations that rely on ICSs improve their cybersecurity posture through Cyber Incident Reports? What are the necessary ingredients for Cyber Incident Reports to be effective?
This research aims to answer these questions by studying the current state of Cyber Incident Reporting in terms of its definition, purposes, regulations, and more. It also examines the Cyber Incident Report formats currently available to the public and maps out their advantages and disadvantages against the National Institute of Standards and Technology (NIST) cybersecurity recommendations on Cyber Incident Reporting. In addition, it evaluates the use of the MITRE ATT&CK (Adversarial Tactics, Techniques & Common Knowledge) Framework for ICS within a Cyber Incident Report. The findings could help ICS organizations improve their Cyber Incident reporting process.
Date issued
2022-09
Department
System Design and Management Program.
Publisher
Massachusetts Institute of Technology