Cyber attackers now have the ability to compromise process functions through the very communication networks that are depended upon for control and safety. This fact has motivated security professionals to develop frameworks specifically designed to identify vulnerabilities and mitigate the risk of cyber attacks within industrial control systems (ICS). However, no single security assessment framework allows industrial asset owners to scope and prioritize the most critical network assets and processes.
This paper will introduce an easily applied and repeatable scoping model that will help ICS security analysts identify starting points for cyber threat hunts, incident response planning, penetration/vulnerability assessments, and other related cybersecurity strategies. The analytic results involved within this model allow a security analyst to work from the starting point of identified risks to processes. By operating with the same modus operandi as a cyberattacker, analysts can more easily determine the most impactful risks of a cyber attack.