Threat modeling of industrial control systems: A systematic literature review

Threat modeling is the process of identifying and mitigating potential threats to a system. It was originally developed to enhance software security during the design phase but has since been adapted for Industrial Control Systems (ICSs). ICSs are complex and interconnected systems that control critical infrastructure, such as power plants, water treatment facilities, and manufacturing plants. As such, they are major targets for cyberattacks, which may lead to human casualties, severe national security impacts, and financial instability. This systematic literature review explores the existing threat modeling methodologies for ICSs and emphasizes the importance of employing methodical frameworks that cover safety, security, and privacy aspects with clear procedural guidelines. The review reveals that ICSs threat modeling often lacks validation to ensure that the used methodologies are effective in identifying and mitigating threats. This study emphasizes the need to develop and apply better validation metrics in case studies. The main goal of this review is to help cyber security researchers and practitioners in selecting a suitable threat modeling approach that facilitates the creation of ICSs with an acceptable level of security.