Home > Research > Publications & Outputs > The impact of social engineering on Industrial ...

Links

Text available via DOI:

View graph of relations

The impact of social engineering on Industrial Control System security

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Published
Publication date2015
Host publicationCPS-SPC '15 Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy
Place of PublicationNew York
PublisherACM
Pages23-29
Number of pages7
ISBN (print)9781450338271
<mark>Original language</mark>English
EventACM Workshop on Cyber-Physical Systems Security & Privacy (CPS-SPC) - Denver, United States
Duration: 16/10/2015 → …

Conference

ConferenceACM Workshop on Cyber-Physical Systems Security & Privacy (CPS-SPC)
Country/TerritoryUnited States
CityDenver
Period16/10/15 → …

Conference

ConferenceACM Workshop on Cyber-Physical Systems Security & Privacy (CPS-SPC)
Country/TerritoryUnited States
CityDenver
Period16/10/15 → …

Abstract

In assessing the security posture of Industrial Control Systems (ICS), several approaches have been proposed, including attack graphs, attack trees, Bayesian networks and security ideals. Predominantly focusing on technical vulnerabilities, challenges stemming from social and organisational factors are often reviewed in isolation, if at all. Taking a mean time-to-compromise (MTTC) metric as a base for expansion, we explore the impact social engineering attack vectors (malicious e-mails) could have on such assessments. The applied method takes a holistic view, to better understand the potential impact of social engineering across a small European utility company. The results of this review are analysed and discussed, highlighting the level of access an attacker could gain through social engineering, and the need for assessment metrics to include vulnerabilities stemming not only from technical factors, but social and organisational ones as well.