IEEE Open Journal of the Industrial Electronics Society (Jan 2025)
Enhancing Industrial Cybersecurity: Insights From Analyzing Threat Groups and Strategies in Operational Technology Environments
Abstract
In recent years, concepts and components of information technology (IT) have made their way into the shop floor, today better known as operational technology (OT). The increasing interconnection and convergence of IT and OT have exposed industrial infrastructures to cyber attacks. In addition, they have become vulnerable to advanced persistent threats. This article examines real-world incidents, looking at the complex landscape of threat groups targeting OT environments and the tactic, technique, and procedures employed by these threat groups. Consequently, it highlights the need for increased vigilance in protecting OT environments, which can be done by using a variety of open-source threat intelligence platforms and databases, including Thai computer emergency response team (ThaiCERT), Malpedia by Fraunhofer-Institut für Kommunikation, Informationsverarbeitung und Ergonomie (Malpedia by FKIE), adversarial tactics, techniques, and common knowledge by massachusetts institute of technology research and engineering (MITRE ATT&CK), and Industrial Control Systems Cyber Emergency Response Team. We aim to provide relevant stakeholders (manufacturers, asset owners and system integrators), including Chief Information Security Officers, with information on emerging threat groups, attack victims and their locations, the origins of attacks, the tools and types of tools used, and the motivations behind these attacks. This understanding is crucial to improving defensive strategies based on relevant standards and frameworks and protecting OT environments against evolving cyber threats.
Keywords
