The impact of social engineering on Industrial Control System security

Green, Benjamin and Prince, Daniel and Busby, Jeremy and Hutchison, David (2015) The impact of social engineering on Industrial Control System security. In: CPS-SPC '15 Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy. ACM, USA, pp. 23-29. ISBN 9781450338271

Full text not available from this repository.


In assessing the security posture of Industrial Control Systems (ICS), several approaches have been proposed, including attack graphs, attack trees, Bayesian networks and security ideals. Predominantly focusing on technical vulnerabilities, challenges stemming from social and organisational factors are often reviewed in isolation, if at all. Taking a mean time-to-compromise (MTTC) metric as a base for expansion, we explore the impact social engineering attack vectors (malicious e-mails) could have on such assessments. The applied method takes a holistic view, to better understand the potential impact of social engineering across a small European utility company. The results of this review are analysed and discussed, highlighting the level of access an attacker could gain through social engineering, and the need for assessment metrics to include vulnerabilities stemming not only from technical factors, but social and organisational ones as well.

Item Type:
Contribution in Book/Report/Proceedings
ID Code:
Deposited By:
Deposited On:
18 May 2016 14:30
Last Modified:
21 Sep 2023 03:50