Complexity; Consortia; Emergency response; Enumeration; Explicit knowledge; Industrial electronics; Manufacturing; Ontology; Programmable logic controllers; Queries; Scientific papers; World Wide Web; Computer Security; Control Systems; Nuclear Power Plants; Software; Water Treatment
Mitigating vulnerabilities in industrial control systems (ICSs) represents a highly complex task. ICSs may contain an abundance of device types, all with unique software and hardware components. Upon discovering vulnerabilities on ICS devices, cyber defenders must determine which mitigations to implement, and which mitigations can apply across multiple vulnerabilities. Cyber defenders need techniques to optimize mitigation selection. This exploratory research paper shows how ontologies, also known as linked-data models, can potentially be used to model ICS devices, vulnerabilities, and mitigations, as well as to identify mitigations that can remediate or mitigate multiple vulnerabilities. Ontologies can be used to reduce the complexity of a cyber defender's role by allowing for insights to be drawn, especially in the ICS domain. Data are modelled from the Common Platform Enumeration (CPE), the National Vulnerability Database (NVD), the standardized list of controls from the National Institute of Standards and Technology (NIST), and ICS Cyber Emergency Response Team (CERT) advisories. Semantic queries provide the techniques for mitigation prioritization. A case study is described for a selected programmable logic controller (PLC), its known vulnerabilities from the NVD, and recommended mitigations from ICS CERT. Overall, this research shows how ontologies can be used to link together existing data sources, to run queries over the linked data, and to allow for new insights to be drawn for mitigation selection.
Details
Title
Exploring Ontologies for Mitigation Selection of Industrial Control System Vulnerabilities
Creators
Thomas Heverin
Michael Cordano
Andy Zeyher
Matthew Lashner
Sanjana Suresh
Publication Details
International Conference on Cyber Warfare and Security, v 17(1)
Conference
17th International Conference on Cyber Warfare and Security (Albany, New York, United States, 17 Mar 2022–18 Mar 2022)
Publisher
Academic Conferences International Limited
Resource Type
Conference proceeding
Language
English
Academic Unit
Information Science; College of Computing and Informatics