The Ohio State Model of ICS Cybersecurity

We propose a simple framework for Industrial Control System (ICS) system cybersecurity. The proposed system is based on considerations which include known vulnerabilities, safety issues, and the centrality of assets in hypothetical attack vectors. We relate the proposed system to the  Purdue Model and two optimization formulations from the literature. We also relate our point system to the results of a recent penetration testing exercise on a manufacturing robotic cell. Finally, we discuss multiple challenges including that posed by legacy equipment and threats to manufacturing uptime.

Keyphrases: air gap, Cyber Security, decision tree models, Purdue Model, vulnerability management, Zero Trust

