Title: Enhancing Industrial Cybersecurity: Insights From Analyzing Threat Groups and Strategies in Operational Technology Environments
Authors: Mukund Bhole; Thilo Sauter; Wolfgang Kastner
DOI: 10.1109/OJIES.2025.3527585
Journal: IEEE Open Journal of the Industrial Electronics Society, volume 6, pages 145-157
Publication date: 2025-01-08
Publication type: Journal Article
Impact factor: 5.2
JCR: Q1 (ENGINEERING, ELECTRICAL & ELECTRONIC)
Open access: no
PDF: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10834594
URL: https://ieeexplore.ieee.org/document/10834594/
Platform: Semanticscholar
Citation count: 0
Enhancing Industrial Cybersecurity: Insights From Analyzing Threat Groups and Strategies in Operational Technology Environments
Abstract
In recent years, concepts and components of information technology (IT) have made their way into the shop floor, today better known as operational technology (OT). The increasing interconnection and convergence of IT and OT have exposed industrial infrastructures to cyber attacks. In addition, they have become vulnerable to advanced persistent threats. This article examines real-world incidents, looking at the complex landscape of threat groups targeting OT environments and the tactics, techniques, and procedures employed by these threat groups. Consequently, it highlights the need for increased vigilance in protecting OT environments, which can be done by using a variety of open-source threat intelligence platforms and databases, including Thai Computer Emergency Response Team (ThaiCERT), Malpedia by Fraunhofer-Institut für Kommunikation, Informationsverarbeitung und Ergonomie (Malpedia by FKIE), Adversarial Tactics, Techniques, and Common Knowledge by Massachusetts Institute of Technology Research and Engineering (MITRE ATT&CK), and Industrial Control Systems Cyber Emergency Response Team. We aim to provide relevant stakeholders (manufacturers, asset owners and system integrators), including Chief Information Security Officers, with information on emerging threat groups, attack victims and their locations, the origins of attacks, the tools and types of tools used, and the motivations behind these attacks. This understanding is crucial to improving defensive strategies based on relevant standards and frameworks and protecting OT environments against evolving cyber threats.
About the journal:
The IEEE Open Journal of the Industrial Electronics Society is dedicated to advancing information-intensive, knowledge-based automation, and digitalization, aiming to enhance various industrial and infrastructural ecosystems including energy, mobility, health, and home/building infrastructure. Encompassing a range of techniques leveraging data and information acquisition, analysis, manipulation, and distribution, the journal strives to achieve greater flexibility, efficiency, effectiveness, reliability, and security within digitalized and networked environments.
Our scope provides a platform for discourse and dissemination of the latest developments in numerous research and innovation areas. These include electrical components and systems, smart grids, industrial cyber-physical systems, motion control, robotics and mechatronics, sensors and actuators, factory and building communication and automation, industrial digitalization, flexible and reconfigurable manufacturing, assistant systems, industrial applications of artificial intelligence and data science, as well as the implementation of machine learning, artificial neural networks, and fuzzy logic. Additionally, we explore human factors in digitalized and networked ecosystems. Join us in exploring and shaping the future of industrial electronics and digitalization.