A Novel Risk-Based Methodology for Enhancing Industrial Control Systems Security: A Systematic Review and Case Study

Aarón David Echeverría López, Mercedes Amor Pinilla, Henry Ramiro Carvajal Mora

2025 · DOI: 10.1109/ACCESS.2025.3609252
IEEE Access · 0 Citations

TLDR

The results reveal critical security gaps, such as outdated software and unencrypted communication channels, and highlight the urgent need for improved security controls and proactive security measures in ICS environments.

Abstract

Critical infrastructures support essential services across various sectors, including finance, energy, healthcare, and public administration. However, their increasing exposure to the internet, combined with insecure communication protocols, weak authentication mechanisms, and misconfigurations, makes them prime targets for cyber threats. To address these risks, this paper presents a novel cybersecurity methodology tailored for Industrial Control Systems (ICS), leveraging the Shodan search engine for systematic vulnerability identification. The proposed approach integrates six key phases: 1) IP discovery, 2) DNS verification, 3) port, protocol and service identification, 4) operating system profiling, 5) web application analysis, and 6) comprehensive risk assessment using a customized risk matrix. This study contributes by 1) conducting a systematic literature review to identify gaps in existing ICS security frameworks, 2) developing a structured methodology for risk assessment across different ICS lifecycle phases, 3) applying the methodology to a real-world case study to validate its effectiveness, and 4) demonstrating its capability to systematically identify vulnerabilities, quantify risks, and provide actionable security insights. The results reveal critical security gaps, such as outdated software and unencrypted communication channels, emphasizing the need for improved security controls. By quantifying the attack surface and assessing risk levels, the proposed model enables stakeholders to prioritize remediation efforts effectively. The findings highlight the urgent need for proactive security measures in ICS environments, reinforcing the importance of continuous monitoring and risk mitigation strategies to enhance the resilience of critical infrastructures against evolving cyber threats.