{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,16]],"date-time":"2025-05-16T04:02:23Z","timestamp":1747368143622,"version":"3.40.5"},"publisher-location":"Cham","reference-count":37,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031928857","type":"print"},{"value":"9783031928864","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-92886-4_12","type":"book-chapter","created":{"date-parts":[[2025,5,15]],"date-time":"2025-05-15T06:12:49Z","timestamp":1747289569000},"page":"175-188","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A Novel Evidence-Based Threat Enumeration Methodology for\u00a0ICS"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7517-4828","authenticated-orcid":false,"given":"Can","family":"\u00d6zkan","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9084-698X","authenticated-orcid":false,"given":"Dave","family":"Singel\u00e9e","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,5,16]]},"reference":[{"key":"12_CR1","doi-asserted-by":"crossref","unstructured":"Ahn, B., Kim, T., Smith, S.C., Youn, Y.W., Ryu, M.H.: Security threat modeling for power transformers in cyber-physical environments. In: 2021 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT), pp.\u00a01\u20135. IEEE (2021)","DOI":"10.1109\/ISGT49243.2021.9372271"},{"key":"12_CR2","doi-asserted-by":"crossref","unstructured":"Al\u00a0Asif, M.R., Hasan, K.F., Islam, M.Z., Khondoker, R.: Stride-based cyber security threat modeling for IoT-enabled precision agriculture systems. In: 2021 3rd International Conference on Sustainable Technologies for Industry 4.0 (STI), pp.\u00a01\u20136. IEEE (2021)","DOI":"10.1109\/STI53101.2021.9732597"},{"key":"12_CR3","doi-asserted-by":"crossref","unstructured":"AL-Dahasi, A.E.M., Saqib, B.N.A.: Attack tree model for potential attacks against the scada system. In: 2019 27th Telecommunications Forum (TELFOR), pp.\u00a01\u20134. IEEE (2019)","DOI":"10.1109\/TELFOR48224.2019.8971181"},{"key":"12_CR4","doi-asserted-by":"crossref","unstructured":"Alberts, C., Dorofee, A., Stevens, J., Woody, C.: Introduction to the Octave Approach, pp. 72\u201374. Carnegie Mellon University, Pittsburgh (2003)","DOI":"10.21236\/ADA634134"},{"issue":"3","key":"12_CR5","doi-asserted-by":"publisher","first-page":"53","DOI":"10.3390\/inventions4030053","volume":"4","author":"YT Chen","year":"2019","unstructured":"Chen, Y.T., Huang, C.C.: Determining information security threats for an IoT-based energy internet by adopting software engineering and risk management approaches. Inventions 4(3), 53 (2019)","journal-title":"Inventions"},{"key":"12_CR6","unstructured":"Daneels, A., Salter, W.: What is scada? (1999)"},{"key":"12_CR7","doi-asserted-by":"crossref","unstructured":"Ferrer, B.R., Afolaranmi, S.O., Lastra, J.L.M.: Principles and risk assessment of managing distributed ontologies hosted by embedded devices for controlling industrial systems. In: 43rd Annual Conference of the IEEE Industrial Electronics Society, IECON 2017, pp. 3498\u20133505. IEEE (2017)","DOI":"10.1109\/IECON.2017.8216592"},{"key":"12_CR8","doi-asserted-by":"crossref","unstructured":"Fl\u00e5, L.H., Borgaonkar, R., T\u00f8ndel, I.A., Jaatun, M.G.: Tool-assisted threat modeling for smart grid cyber security. In: 2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), pp.\u00a01\u20138. IEEE (2021)","DOI":"10.1109\/CyberSA52016.2021.9478258"},{"issue":"5","key":"12_CR9","doi-asserted-by":"publisher","first-page":"3903","DOI":"10.1109\/TSG.2021.3122106","volume":"13","author":"M Girdhar","year":"2021","unstructured":"Girdhar, M., Hong, J., Lee, H., Song, T.J.: Hidden Markov models-based anomaly correlations for the cyber-physical security of EV charging stations. IEEE Trans. Smart Grid 13(5), 3903\u20133914 (2021)","journal-title":"IEEE Trans. Smart Grid"},{"key":"12_CR10","doi-asserted-by":"crossref","unstructured":"Haider, M.H., Saleem, S.B., Rafaqat, J., Sabahat, N.: Threat modeling of wireless attacks on advanced metering infrastructure. In: 2019 13th International Conference on Mathematics, Actuarial Science, Computer Science and Statistics (MACS), pp.\u00a01\u20136. IEEE (2019)","DOI":"10.1109\/MACS48846.2019.9024779"},{"key":"12_CR11","unstructured":"IriusRisk: IriusRisk. https:\/\/www.iriusrisk.com\/. Accessed 11 Oct 2024"},{"key":"12_CR12","doi-asserted-by":"crossref","unstructured":"Khan, R., McLaughlin, K., Laverty, D., Sezer, S.: Stride-based threat modeling for cyber-physical systems. In: 2017 IEEE PES Innovative Smart Grid Technologies Conference Europe (ISGT-Europe), pp.\u00a01\u20136. IEEE (2017)","DOI":"10.1109\/ISGTEurope.2017.8260283"},{"issue":"6","key":"12_CR13","doi-asserted-by":"publisher","first-page":"991","DOI":"10.4218\/etrij.2021-0181","volume":"44","author":"KH Kim","year":"2022","unstructured":"Kim, K.H., Kim, K., Kim, H.K.: Stride-based threat modeling and dread evaluation for the distributed control system in the oil refinery. ETRI J. 44(6), 991\u20131003 (2022)","journal-title":"ETRI J."},{"key":"12_CR14","doi-asserted-by":"crossref","unstructured":"Li, K., Rashid, A., Roudaut, A.: Vision: security-usability threat modeling for industrial control systems. In: Proceedings of the 2021 European Symposium on Usable Security, pp. 83\u201388 (2021)","DOI":"10.1145\/3481357.3481527"},{"key":"12_CR15","doi-asserted-by":"crossref","unstructured":"Martins, G., Bhatia, S., Koutsoukos, X., Stouffer, K., Tang, C., Candell, R.: Towards a systematic threat modeling approach for cyber-physical systems. In: 2015 Resilience Week (RWS), pp.\u00a01\u20136. IEEE (2015)","DOI":"10.1109\/RWEEK.2015.7287428"},{"key":"12_CR16","unstructured":"Mead, N.R., Shull, F., Vemuru, K., Villadsen, O.: A hybrid threat modeling method. Carnegie MellonUniversity-Software Engineering Institute-Technical Report-CMU\/SEI-2018-TN-002 (2018)"},{"key":"12_CR17","unstructured":"Microsoft: Microsoft Threat Modeling Tool. https:\/\/learn.microsoft.com\/en-us\/azure\/security\/develop\/threat-modeling-tool. Accessed 17 Mar 2025"},{"key":"12_CR18","unstructured":"MITRE: CVE. https:\/\/cve.mitre.org\/index.html. Accessed 17 Mar 2025"},{"key":"12_CR19","unstructured":"MITRE: CVE. https:\/\/cwe.mitre.org\/. Accessed 17 Mar 2025"},{"key":"12_CR20","unstructured":"MITRE: CVE API. https:\/\/mitrecve.readthedocs.io\/en\/latest\/api.html. Accessed 17 Mar 2025"},{"key":"12_CR21","unstructured":"Murray, G., Johnstone, M.N., Valli, C.: The convergence of it and OT in critical infrastructure (2017)"},{"key":"12_CR22","unstructured":"Myagmar, S., Lee, A.J., Yurcik, W.: Threat modeling as a basis for security requirements (2005)"},{"key":"12_CR23","unstructured":"NIST: NIST Vulnerability API. https:\/\/nvd.nist.gov\/developers\/vulnerabilities. Accessed 17 Mar 2025"},{"key":"12_CR24","unstructured":"OWASP: OWASP Threat Dragon Tool. https:\/\/owasp.org\/www-project-threat-dragon\/. Accessed 17 Mar 2025"},{"key":"12_CR25","unstructured":"Ozkan, C.: Github Link. https:\/\/github.com\/can-ozkan\/ICS_Threat_Generator. Accessed 17 Mar 2025"},{"key":"12_CR26","doi-asserted-by":"publisher","DOI":"10.1016\/j.sysarc.2021.102073","volume":"117","author":"Q Rouland","year":"2021","unstructured":"Rouland, Q., Hamid, B., Jaskolka, J.: Specification, detection, and treatment of stride threats for software components: modeling, formal methods, and tool support. J. Syst. Architect. 117, 102073 (2021)","journal-title":"J. Syst. Architect."},{"key":"12_CR27","unstructured":"Sami, A.: Scada (supervisory control and data acquisition) (2019)"},{"key":"12_CR28","doi-asserted-by":"crossref","unstructured":"Schlegel, R., Obermeier, S., Schneider, J.: Structured system threat modeling and mitigation analysis for industrial automation systems. In: 2015 IEEE 13th International Conference on Industrial Informatics (INDIN), pp. 197\u2013203. IEEE (2015)","DOI":"10.1109\/INDIN.2015.7281734"},{"issue":"12","key":"12_CR29","first-page":"21","volume":"24","author":"B Schneier","year":"1999","unstructured":"Schneier, B.: Attack trees. Dr. Dobb\u2019s J. 24(12), 21\u201329 (1999)","journal-title":"Dr. Dobb\u2019s J."},{"key":"12_CR30","volume-title":"Threat Modeling: Designing for Security","author":"A Shostack","year":"2014","unstructured":"Shostack, A.: Threat Modeling: Designing for Security. Wiley, Hoboken (2014)"},{"key":"12_CR31","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102316","volume":"107","author":"I Stellios","year":"2021","unstructured":"Stellios, I., Kotzanikolaou, P., Grigoriadis, C.: Assessing IoT enabled cyber-physical attack paths against critical systems. Comput. Secur. 107, 102316 (2021)","journal-title":"Comput. Secur."},{"key":"12_CR32","unstructured":"Stouffer, K., Falco, J., Scarfone, K., et al.: Guide to industrial control systems (ICS) security. NIST Special Publication 800(82), 16 (2011)"},{"key":"12_CR33","doi-asserted-by":"publisher","DOI":"10.1002\/9781118988374","volume-title":"Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis","author":"T UcedaVelez","year":"2015","unstructured":"UcedaVelez, T., Morana, M.M.: Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis. Wiley, Hoboken (2015)"},{"issue":"5","key":"12_CR34","doi-asserted-by":"publisher","first-page":"4403","DOI":"10.1109\/TDSC.2022.3213577","volume":"20","author":"F Valenza","year":"2022","unstructured":"Valenza, F., Karafili, E., Steiner, R.V., Lupu, E.C.: A hybrid threat model for smart systems. IEEE Trans. Dependable Secure Comput. 20(5), 4403\u20134417 (2022)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"12_CR35","doi-asserted-by":"publisher","DOI":"10.1016\/j.iot.2023.100766","volume":"22","author":"S Zahid","year":"2023","unstructured":"Zahid, S., Mazhar, M.S., Abbas, S.G., Hanif, Z., Hina, S., Shah, G.A.: Threat modeling in smart firefighting systems: aligning MITRE ATT &CK matrix and NIST security controls. Internet Things 22, 100766 (2023)","journal-title":"Internet Things"},{"key":"12_CR36","doi-asserted-by":"crossref","unstructured":"Zografopoulos, I., Konstantinou, C., Tsoutsos, N.G., Zhu, D., Broadwater, R.: Security assessment and impact analysis of cyberattacks in integrated t &d power systems. In: Proceedings of the 9th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems, pp.\u00a01\u20137 (2021)","DOI":"10.1145\/3470481.3472706"},{"key":"12_CR37","doi-asserted-by":"publisher","first-page":"29775","DOI":"10.1109\/ACCESS.2021.3058403","volume":"9","author":"I Zografopoulos","year":"2021","unstructured":"Zografopoulos, I., Ospina, J., Liu, X., Konstantinou, C.: Cyber-physical energy systems security: threat modeling, risk assessment, resources, metrics, and case studies. IEEE Access 9, 29775\u201329818 (2021)","journal-title":"IEEE Access"}],"container-title":["IFIP Advances in Information and Communication Technology","ICT Systems Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-92886-4_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,15]],"date-time":"2025-05-15T06:13:05Z","timestamp":1747289585000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-92886-4_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031928857","9783031928864"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-92886-4_12","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"value":"1868-4238","type":"print"},{"value":"1868-422X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"16 May 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on ICT Systems Security and Privacy Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Maribor","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Slovenia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 May 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 May 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"40","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sec2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sec2025.um.si\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}