we have proposed Hierarchical Taxonomic Framework (HTF) with 16 required characteristics for classifying attacks and security incidents in ICSs.
This framework has proper characteristics such as completeness, unambiguity, repeatability, usefulness, appropriateness, and applicability.
We provided semi-formal and standardized definitions of threats, events, incidents, non-incidents, non-security incidents, non-attack security incidents, and attacks
This proposed taxonomy with various parameters and sub-parameters prepares an expandable hierarchical framework for any organization's requirements.
In this paper, we present minimal parameters and sub-parameters for classification. Parameters and sub-parameters of the HTF can be changed, expanded, and revised for other applications that need more customization.
we also classified and analyzed 268 security incidents on ICSs. Based on the HTF, we proposed the statistical analytical study to show the useful patterns and key points for threat intelligence in ICSs and critical infrastructures. These patterns and key points lead us to improve ICSs and critical infrastructures security by being aware of cyber-attacks trends.
Please cite this article as: Mohammad Mehdi Ahmadian , Mehdi Shajari , Mohammad Ali Shafiee , Industrial Control System Security Taxonomic Framework with Application to a Comprehensive Incidents Survey, International Journal of Critical Infrastructure Protection (2020), doi:https://doi.org/10.1016/j.ijcip.2020.100356