Advanced persistent threats (APT’s) that leverage phishing against operational technology (OT) are cyber-attacks that endanger critical infrastructure assets nationwide. Today phishing, a human focused exploit, constitutes 91% of successful attack vectors against Federal assets. This means Human Introduced Vulnerabilities (HICV’s) are the weakest cyber defense link. The success of these attacks also suggests HICV’s are not well understood nor mitigated. To characterize HICV’s and provide the necessary context in which they exist, this paper introduces a research approach derived from the mature science of Social Ecology. The desired end result of this research is an HICV focused risk assessment framework.
Revised: January 28, 2020 |
Published: December 2, 2019
Citation
Merz T.R., C. Fallon, and A. Scalco. 2019.A Context-Centered Research Approach to Phishing and Operational Technology in Industrial Control Systems.Journal of Information Warfare 18, no. 4 (Special Edition):24-36.PNNL-SA-144741.