Estimating the Time-To-Compromise of Exploiting Industrial Control System Vulnerabilities

Engla Rencelj Ling; Mathias Ekstedt

doi:10.5220/0010817400003120

Estimating the Time-To-Compromise of Exploiting Industrial Control System Vulnerabilities

Engla Rencelj Ling, Mathias Ekstedt

2022

Abstract

The metric Time-To-Compromise (TTC) can be used for estimating the time taken for an attacker to compromise a component or a system. The TTC helps to identify the most critical attacks, which is useful when allocating resources for strengthening the cyber security of a system. In this paper we describe our updated version of the original definition of TTC. The updated version is specifically developed for the Industrial Control Systems domain. The Industrial Control Systems are essential for our society since they are a big part of producing, for example, electricity and clean water. Therefore, it is crucial that we keep these systems secure from cyberattacks. We align the method of estimating the TTC to Industrial Control Systems by updating the original definition’s parameters and use a vulnerability dataset specific for the domain. The new definition is evaluated by comparing estimated Time-To-Compromise values for Industrial Control System attack scenarios to previous research results.

Download

Paper Citation

in Harvard Style

Rencelj Ling E. and Ekstedt M. (2022). Estimating the Time-To-Compromise of Exploiting Industrial Control System Vulnerabilities. In Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-553-1, pages 96-107. DOI: 10.5220/0010817400003120

in Bibtex Style

@conference{icissp22,
author={Engla Rencelj Ling and Mathias Ekstedt},
title={Estimating the Time-To-Compromise of Exploiting Industrial Control System Vulnerabilities},
booktitle={Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2022},
pages={96-107},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010817400003120},
isbn={978-989-758-553-1},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Estimating the Time-To-Compromise of Exploiting Industrial Control System Vulnerabilities
SN - 978-989-758-553-1
AU - Rencelj Ling E.
AU - Ekstedt M.
PY - 2022
SP - 96
EP - 107
DO - 10.5220/0010817400003120