Enhancing Industrial Cybersecurity: Insights From Analyzing Threat Groups and Strategies in Operational Technology Environments

IF 5.2 Q1 ENGINEERING, ELECTRICAL & ELECTRONIC

IEEE Open Journal of the Industrial Electronics Society Pub Date : 2025-01-08 DOI:10.1109/OJIES.2025.3527585

Mukund Bhole;Thilo Sauter;Wolfgang Kastner

{"title":"Enhancing Industrial Cybersecurity: Insights From Analyzing Threat Groups and Strategies in Operational Technology Environments","authors":"Mukund Bhole;Thilo Sauter;Wolfgang Kastner","doi":"10.1109/OJIES.2025.3527585","DOIUrl":null,"url":null,"abstract":"In recent years, concepts and components of information technology (IT) have made their way into the shop floor, today better known as operational technology (OT). The increasing interconnection and convergence of IT and OT have exposed industrial infrastructures to cyber attacks. In addition, they have become vulnerable to advanced persistent threats. This article examines real-world incidents, looking at the complex landscape of threat groups targeting OT environments and the tactic, technique, and procedures employed by these threat groups. Consequently, it highlights the need for increased vigilance in protecting OT environments, which can be done by using a variety of open-source threat intelligence platforms and databases, including Thai computer emergency response team (ThaiCERT), Malpedia by Fraunhofer-Institut für Kommunikation, Informationsverarbeitung und Ergonomie (Malpedia by FKIE), adversarial tactics, techniques, and common knowledge by massachusetts institute of technology research and engineering (MITRE ATT&CK), and Industrial Control Systems Cyber Emergency Response Team. We aim to provide relevant stakeholders (manufacturers, asset owners and system integrators), including Chief Information Security Officers, with information on emerging threat groups, attack victims and their locations, the origins of attacks, the tools and types of tools used, and the motivations behind these attacks. This understanding is crucial to improving defensive strategies based on relevant standards and frameworks and protecting OT environments against evolving cyber threats.","PeriodicalId":52675,"journal":{"name":"IEEE Open Journal of the Industrial Electronics Society","volume":"6 ","pages":"145-157"},"PeriodicalIF":5.2000,"publicationDate":"2025-01-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10834594","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Open Journal of the Industrial Electronics Society","FirstCategoryId":"1085","ListUrlMain":"https://ieeexplore.ieee.org/document/10834594/","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}

引用次数: 0

Abstract

In recent years, concepts and components of information technology (IT) have made their way into the shop floor, today better known as operational technology (OT). The increasing interconnection and convergence of IT and OT have exposed industrial infrastructures to cyber attacks. In addition, they have become vulnerable to advanced persistent threats. This article examines real-world incidents, looking at the complex landscape of threat groups targeting OT environments and the tactic, technique, and procedures employed by these threat groups. Consequently, it highlights the need for increased vigilance in protecting OT environments, which can be done by using a variety of open-source threat intelligence platforms and databases, including Thai computer emergency response team (ThaiCERT), Malpedia by Fraunhofer-Institut für Kommunikation, Informationsverarbeitung und Ergonomie (Malpedia by FKIE), adversarial tactics, techniques, and common knowledge by massachusetts institute of technology research and engineering (MITRE ATT&CK), and Industrial Control Systems Cyber Emergency Response Team. We aim to provide relevant stakeholders (manufacturers, asset owners and system integrators), including Chief Information Security Officers, with information on emerging threat groups, attack victims and their locations, the origins of attacks, the tools and types of tools used, and the motivations behind these attacks. This understanding is crucial to improving defensive strategies based on relevant standards and frameworks and protecting OT environments against evolving cyber threats.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Open Journal of the Industrial Electronics Society ENGINEERING, ELECTRICAL & ELECTRONIC-

CiteScore

10.80

自引率

2.40%

发文量

审稿时长

12 weeks

期刊介绍： The IEEE Open Journal of the Industrial Electronics Society is dedicated to advancing information-intensive, knowledge-based automation, and digitalization, aiming to enhance various industrial and infrastructural ecosystems including energy, mobility, health, and home/building infrastructure. Encompassing a range of techniques leveraging data and information acquisition, analysis, manipulation, and distribution, the journal strives to achieve greater flexibility, efficiency, effectiveness, reliability, and security within digitalized and networked environments. Our scope provides a platform for discourse and dissemination of the latest developments in numerous research and innovation areas. These include electrical components and systems, smart grids, industrial cyber-physical systems, motion control, robotics and mechatronics, sensors and actuators, factory and building communication and automation, industrial digitalization, flexible and reconfigurable manufacturing, assistant systems, industrial applications of artificial intelligence and data science, as well as the implementation of machine learning, artificial neural networks, and fuzzy logic. Additionally, we explore human factors in digitalized and networked ecosystems. Join us in exploring and shaping the future of industrial electronics and digitalization.