WP2
Cyber-attack fingerprint models
WP leader: Siv Hilde Houmb, NTNU
This WP will build on the results of the CybWin project, especially the cyber-attack scenarios developed for the Digital Station (DS) enclave, and on the results of literature studies on cyber-attacks, including Advanced Persistent Threats (APT) (long-term illicit presence/breach). The CybWin project carried out two phases of controlled experiments involving cyber-attacks in the DS enclave, and these will be further developed as part of this project.
Tasks:
- A2.1: Perform a literature study of cyber-attacks on CPS for the years 2021, 2022 and 2023, as CybWin did not cover these years in its literature study, and extend it to the whole project period. The literature study will be re-issued towards the end of the project to make the results easy to reuse for other projects.
- A2.2: Adapt and adjust, for the petroleum sector, the cyber-attack scenarios developed for the phase 1 and 2 controlled experiments in the DS enclave in the CybWin project. These cyber-attack scenarios were developed for the power grid in the CybWin project. Model both the CybWin attack scenarios and the adaptation for the petroleum sector as cyber-attack fingerprint patterns (step-by-step descriptions) using the ICS Kill Chain and attack techniques from MITRE ATT&CK for ICS.
- A2.3: Develop 2-3 variations of the cyber-attack scenarios from A2.2 using alternative tactics and techniques from MITRE ATT&CK for ICS, i.e., assembling new combinations of attack techniques that could lead to the same result. These represent alternative ways to execute a specific cyber-attack. These cyber-attack scenario alternatives (fingerprints) will be used in the case studies in WP6.