Attacking Operational Technology Without Specialized Knowledge: The Unspecialized OT Threat Actor Profile

Abstract

Due to the unique characteristics of Operational Technology (OT), i.e., technology centered around cyber-physical activities, performing OT-related cyber-attacks is traditionally thought to require both specialized- and generic IT-related knowledge. However, in recent years, the need for specialized knowledge decreased, and OT-related cyber-attacks became increasingly easier to perform. In this paper, we profile a new threat actor, referred to as the unspecialized OT attacker, who performs targeted, OT-related cyber-attacks with at most basic generic knowledge. We show the relevance of this threat actor by identifying past OT-related cyber-attacks that match this threat actor profile’s capabilities; we do so by mapping the types of tools used during these cyber-attacks and the knowledge required to use them. To further substantiate our analysis, we investigate readily-available tools that can assist threat actors in performing OT-related cyber-attacks. The combination of our findings highlights the present-day lowered entry level requirements to attack OT environments while limiting the scope of current assumptions.

Emmanuele Zambon

Assistant Professor

My research interests include Industrial Control System security and network intrusion detection.