In order to meet cyber threat challenges to complex, highly integrated, increasingly automated and network connected operational cybertechnology systems, Athens Group Services has adapted the National Institute of Standards and Technology (NIST) framework for cybersecurity and combined it with our own established Proven Practices for industrial control networks performance verification. The result is a unique approach to ICS cybersecurity based on the identification and profiling of cyber threats. The identification and profiling are provided through the Athens Group Services Threat Mode Effect Criticality Analysis (TMECA®) process.
The TMECA® methodology combines a real time qualitative analysis of threat modes with a quantitative process for ranking and evaluating the impact of those threats. The real-time qualitative analysis allows the most up to date actual experience of SMEs, OEMs, IT departments, and operators to provide the threat modes determination. The quantitative method of threat mode ranking and evaluation provides a way to rank and mitigate the most important risks.
TMECA® is particularly well suited for cybersecurity risk assessment on industrial control systems. It can be performed at any time in the asset lifecycle, on “as-designed” as well as “as-delivered” systems. When performed during the design phase, it may still be possible to change the design of the equipment or the integration with other systems to eliminate or reduce the impact of threat penetration. When performed in later stages, on as-delivered systems, operations and support groups gain awareness and understanding of potential threats and can plan actions to mitigate their effects if and when they do occur.
TMECA® is highly flexible in implementation. The methods for describing threat modes and assessing their impact can be tailored to accommodate the lifecycle phase, the people involved and the information available.
A typical TMECA® process adheres to the basic framework for process hazard analysis by
- Identify and creating a profile for each potential threat for a product or process,
- Assess the risk associated with those threats,
- Rank the threats in terms of importance based on severity, likelihood of occurrence, and detectability, and
- Identify and carry out risk handling decisions
The threats modes are identified and profiled at a live workshop facilitated by Athens Group Services and attended by subject matter experts who are knowledgeable of the operational and information technology aspects of the ICS being analyzed. The threat mode profile contains the following elements for each threat mode:
- Nature – Is the threat of a malicious or non-malicious intent
- Source – Is the threat internal/External to the ICS
- Access – How does the threat gain access to the ICS
- Transport – How does the threat travel across the ICS
- Installation target – The operating system, data system or other ICS component the threat will act upon
- Trigger – The activity that triggers the threat to execute
- Define what damage or harm can occur upon
- Access to the ICS
- Transport across the ICS
- Installation on the target component
- Trigger of the threat
- Evaluate the
- Severity of each threat mode
- Likelihood of each threat mode
- Criticality of each threat mode (calculated from severity * likelihood)
Threat ranking and risk handling decisions:
For each threat mode –
- Rank the threat and determine the risk tolerance
- Make a determination for each threat to
- Accept the risk
- Monitor the risk
- Mitigate the risk
- Transfer the risk
- Avoid the risk
The output of the Athens Group Services TMECA® workshop is a Threat mode profile and risk evaluation spreadsheet. This spreadsheet is a toolset which captures all workshop activity and shows the result of all risk calculations and determinations. The threat mode profile can be used to implement a NIST compatible cybersecurity framework, or to implement a US Department of Energy Cybersecurity Capability Maturity Model (C2M2) analysis.