Kill Chain for Industrial Control System

Attacks in industrial control systems vary widely and are influenced by many factors, including the intent of the attacker, the capabilities of the attacker, the sophistication of the attacking techniques, and his familiarity with the industrial control systems and industrial processes. Attacks against industrial control systems are not a simple network intrusion, but are accomplished through a series of activities to achieve precise attack. This article expands the cyber kill chain model to improve it so that it can be applied to industrial control systems to ensure that defenders in industrial control can understand the attackers' attack activities so as to reasonably allocate limited security resources, take effective security measures and make well-informed risk management decision.