earticle

영어

The Industrial Control System (ICS) is an environment composed of control systems and field devices used to automate industrial processes. With the technological development of the 4th Industrial Revolution, as the connection between the ICS and the external network expands, the risk of exposing cyber threats to the facilities is increasing. Accordingly, cyber-attack response exercises are being implemented around the world using cyber-attack scenarios. A lot of studies are being conducted on evaluating cyber-attack response exercises as well. However, most studies focus only on evaluating the performance of response activities rather than evaluating the cyber-attack scenarios used for these exercises. Our research presents a quantitative evaluation framework to evaluate the quality of cyber-attack scenarios used in cyber-attack response exercises. Our proposed framework consists of a total of 2 stages and determines whether to use the cyber-attack scenario for cyberattack response exercise.