GENICS: A Framework for Generating Attack Scenarios for Cybersecurity Exercises on Industrial Control Systems

Due to the nature of the industrial control systems (ICS) environment, where process continuity is essential, intentionally initiating a cyberattack to check security controls can cause severe financial and human damage to the organization. Therefore, most organizations operating ICS environments check their level of security through simulated cybersecurity exercises. For these exercises to be effective, high-quality cyberattack scenarios that are likely to occur in the ICS environment must be assumed. Unfortunately, many organizations use limited attack scenarios targeting essential digital assets, leading to ineffective response preparedness. To derive high-quality scenarios, there is a need for relevant attack and vulnerability information, and standardized methods for creating and evaluating attack scenarios in the ICS context. To meet these challenges, we propose GENICS, an attack scenario generation framework for cybersecurity training in ICS. GENICS consists of five phases: threat analysis, attack information identification, modeling cyberattack scenarios, quantifying cyberattacks, and generating scenarios. The validity of GENICS was verified through a qualitative study and case studies on current attack scenario-generating methods. GENICS ensures a systematic approach to generate quantified, realistic attack scenarios, thereby significantly enhancing cybersecurity training in ICS environments.