Enhancing Industrial Cybersecurity: Insights From Analyzing Threat Groups and Strategies in Operational Technology Environments
In recent years, concepts and components of information technology (IT) have made their way into the shop floor, today better known as operational technology (OT). The increasing interconnection and convergence of IT and OT have exposed industrial infrastructures to cyber attacks. In addition, they...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2025-01-01
|
| Series: | IEEE Open Journal of the Industrial Electronics Society |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/10834594/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832590331666759680 |
|---|---|
| author | Mukund Bhole Thilo Sauter Wolfgang Kastner |
| author_facet | Mukund Bhole Thilo Sauter Wolfgang Kastner |
| author_sort | Mukund Bhole |
| collection | DOAJ |
| description | In recent years, concepts and components of information technology (IT) have made their way into the shop floor, today better known as operational technology (OT). The increasing interconnection and convergence of IT and OT have exposed industrial infrastructures to cyber attacks. In addition, they have become vulnerable to advanced persistent threats. This article examines real-world incidents, looking at the complex landscape of threat groups targeting OT environments and the tactic, technique, and procedures employed by these threat groups. Consequently, it highlights the need for increased vigilance in protecting OT environments, which can be done by using a variety of open-source threat intelligence platforms and databases, including Thai computer emergency response team (ThaiCERT), Malpedia by Fraunhofer-Institut für Kommunikation, Informationsverarbeitung und Ergonomie (Malpedia by FKIE), adversarial tactics, techniques, and common knowledge by massachusetts institute of technology research and engineering (MITRE ATT&CK), and Industrial Control Systems Cyber Emergency Response Team. We aim to provide relevant stakeholders (manufacturers, asset owners and system integrators), including Chief Information Security Officers, with information on emerging threat groups, attack victims and their locations, the origins of attacks, the tools and types of tools used, and the motivations behind these attacks. This understanding is crucial to improving defensive strategies based on relevant standards and frameworks and protecting OT environments against evolving cyber threats. |
| format | Article |
| id | doaj-art-6b171463bb5a4661ad130ee26736d6ec |
| institution | Kabale University |
| issn | 2644-1284 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Open Journal of the Industrial Electronics Society |
| spelling | doaj-art-6b171463bb5a4661ad130ee26736d6ec2025-01-24T00:02:16ZengIEEEIEEE Open Journal of the Industrial Electronics Society2644-12842025-01-01614515710.1109/OJIES.2025.352758510834594Enhancing Industrial Cybersecurity: Insights From Analyzing Threat Groups and Strategies in Operational Technology EnvironmentsMukund Bhole0https://orcid.org/0000-0003-2334-4669Thilo Sauter1https://orcid.org/0000-0003-1559-8394Wolfgang Kastner2https://orcid.org/0000-0001-5420-404XInstitute of Computer Engineering, TU Wien, Vienna, AustriaInstitute of Computer Engineering, TU Wien, Vienna, AustriaInstitute of Computer Engineering, TU Wien, Vienna, AustriaIn recent years, concepts and components of information technology (IT) have made their way into the shop floor, today better known as operational technology (OT). The increasing interconnection and convergence of IT and OT have exposed industrial infrastructures to cyber attacks. In addition, they have become vulnerable to advanced persistent threats. This article examines real-world incidents, looking at the complex landscape of threat groups targeting OT environments and the tactic, technique, and procedures employed by these threat groups. Consequently, it highlights the need for increased vigilance in protecting OT environments, which can be done by using a variety of open-source threat intelligence platforms and databases, including Thai computer emergency response team (ThaiCERT), Malpedia by Fraunhofer-Institut für Kommunikation, Informationsverarbeitung und Ergonomie (Malpedia by FKIE), adversarial tactics, techniques, and common knowledge by massachusetts institute of technology research and engineering (MITRE ATT&CK), and Industrial Control Systems Cyber Emergency Response Team. We aim to provide relevant stakeholders (manufacturers, asset owners and system integrators), including Chief Information Security Officers, with information on emerging threat groups, attack victims and their locations, the origins of attacks, the tools and types of tools used, and the motivations behind these attacks. This understanding is crucial to improving defensive strategies based on relevant standards and frameworks and protecting OT environments against evolving cyber threats.https://ieeexplore.ieee.org/document/10834594/Operational technology (OT)securitythreat group analysis |
| spellingShingle | Mukund Bhole Thilo Sauter Wolfgang Kastner Enhancing Industrial Cybersecurity: Insights From Analyzing Threat Groups and Strategies in Operational Technology Environments IEEE Open Journal of the Industrial Electronics Society Operational technology (OT) security threat group analysis |
| title | Enhancing Industrial Cybersecurity: Insights From Analyzing Threat Groups and Strategies in Operational Technology Environments |
| title_full | Enhancing Industrial Cybersecurity: Insights From Analyzing Threat Groups and Strategies in Operational Technology Environments |
| title_fullStr | Enhancing Industrial Cybersecurity: Insights From Analyzing Threat Groups and Strategies in Operational Technology Environments |
| title_full_unstemmed | Enhancing Industrial Cybersecurity: Insights From Analyzing Threat Groups and Strategies in Operational Technology Environments |
| title_short | Enhancing Industrial Cybersecurity: Insights From Analyzing Threat Groups and Strategies in Operational Technology Environments |
| title_sort | enhancing industrial cybersecurity insights from analyzing threat groups and strategies in operational technology environments |
| topic | Operational technology (OT) security threat group analysis |
| url | https://ieeexplore.ieee.org/document/10834594/ |
| work_keys_str_mv | AT mukundbhole enhancingindustrialcybersecurityinsightsfromanalyzingthreatgroupsandstrategiesinoperationaltechnologyenvironments AT thilosauter enhancingindustrialcybersecurityinsightsfromanalyzingthreatgroupsandstrategiesinoperationaltechnologyenvironments AT wolfgangkastner enhancingindustrialcybersecurityinsightsfromanalyzingthreatgroupsandstrategiesinoperationaltechnologyenvironments |