Authors:
Mundt, Michael; Baier, Harald 
Document type:
Conference Paper
Title:
Mapping Cyber-Physical Threats for Critical Infrastructures 
Editors of collection:
Hämmerli, Bernhard; Helmbrecht, Udo; Hommel, Wolfgang; Kunczik, Leonhard; Pickl, Stefan 
Title of conference publication:
Critical Information Infrastructures Security 
Subtitle of conference publication:
17th International Conference, CRITIS 2022, Munich, Germany, September 14–16, 2022, Revised Selected Papers 
Series title:
Lecture Notes in Computer Science, LNCS 
Series volume number:
13723 
Organizer (corporate body):
Universität der Bundeswehr München 
Conference title:
International Conference on Critical Information Infrastructures Security (17., 2022, München) 
Conference venue:
München 
Year of conference:
2022 
Conference start date:
14.09.2022 
Conference end date:
16.09.2022 
Place of publication:
Cham, Switzerland 
Publisher:
Springer 
Year:
2023 
Pages from - to:
164–179 
Language:
English
Keywords:
Cyber Threat Intelligence ; Critical Infrastructure ; Industry Control Systems ; Geographic Information System ; Cyber-physical Attack 
Abstract:
Critical infrastructures in general and Industry Control Systems (ICS) in particular need specific protection. For instance, Advanced Persistent Threats (APT) are a well-known modus operandi of attackers to penetrate enterprise IT systems with the consequence of severely disrupted production. The typical arms race leads to new, updated attack vectors. Hence critical infrastructures in general are vulnerable, and consequently our society, too. In this paper we propose an approach in the scope of ICS, which chains Cyber Threat Intelligence with the spatiotemporal analytical capabilities of a Geographic Information System (GIS). Our goal is an improved defense approach addressing the risk that a cyber-physical attack disrupts parts of the critical infrastructure. We furthermore quantify the threat and the extent of potential effects by providing reliable data on the expected level of risk/damage. Our approach of interlinking Cyber Threat Intelligence, incident response, and GIS operational models is evaluated using a prototype within a sample use case. For the implementation of the prototype, market-available products are used such as the Security Information and Event Management (SIEM) of the company LogPoint, the GIS of the company Esri and the MITRE ATT&CK framework. Our work shows how critical infrastructure protection can be improved through the optimized concatenation of existing procedures and technologies to make available knowledge actionable for defense. Our solution offers a unique starting point to combine the existing knowledge of Cyber Threat Intelligence with the knowledge of operational processes of critical infrastructures and put it at the service of the defender.
ISBN:
978-3-031-35189-1 ; 978-3-031-35190-7 
Faculty:
Fakultät für Informatik 
Institute:
INF 6 - Institut für Systemsicherheit 
Professorship:
Baier, Harald 
(Research) institution UniBw M:
CODE 
Open Access yes or no?:
No