Analysing the cyber-security of industrial control systems
Reports, plans and updates
- Publication date
This report describes a trial of the use of attack graphs for analysing the cyber-security of an Industrial Control System (ICS) used by an operator within the Downstream Gas & Electricity (DGE) subsector.
Attack graphs provide a structure for capturing system security data which enables automated analysis of potential attack paths. Attack paths are the possible sequences of steps that cyber-attackers could take to cause harm. Understanding the exploitability of attack paths enables organisations to identify security enhancements that make it harder for attackers to do so.
Today, some organisations may use manual threat modelling and this trial was to examine whether computer aided techniques for developing and analysing attack graphs were useful for managing the cyber-security of ICS in the DGE subsector.