@inproceedings{b7e15e6dc1bc4474890fe7abd223242b,
title = "Understanding the Defence of Operational Technology (OT) Systems: A Comparison of Lockheed Martin{\textquoteright}s Cyber Kill Chain, MITRE ATT&CK Framework, and Diamond Model",
abstract = "As organisations worldwide strive to optimise processes and digitise systems, Operational Technologies (OT) are increasingly being integrated with Information Technologies (IT). Consequently, this complex amalgamation is challenging cybersecurity professionals to understand and analyse both the attack surfaces and attack vectors that threat actors could potentially exploit. Cybersecurity professionals have been driven to explore different attack models to understand and analyse various cyberattacks and their attack vectors. There are several attack models that have already been developed and are being used in the analysis of different cyberattacks and their mitigations. Each of these attack models has some specific characteristics, strengths and limitations. It is therefore crucial to study the use of the most common attack models for operational technologies in order to comprehend their effectiveness for analysing cyberattacks on OT systems. This paper will analyse the features, strengths, and limitations of three widely recognised attack models: Lockheed Martin{\textquoteright}s Cyber Kill Chain, MITRE ATT&CK Framework and Diamond Model for OT systems. It conducts a comparative analysis of these three attack models to provide a complete evaluation of the most suitable model for OT systems.",
keywords = "Cyber Attack Model, Diamond Model, Lockheed Martin{\textquoteright}s Cyber Kill Chain, MITRE ATT&CK Framework, Operational Technology, OT",
author = "Kamor Kareem and Nitin Naik and Paul Jenkins and Paul Grace and Jingping Song",
note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.; International Conference on Computing, Communication, Cybersecurity and AI, C3AI 2024 ; Conference date: 03-07-2024 Through 04-07-2024",
year = "2024",
month = dec,
day = "20",
doi = "10.1007/978-3-031-74443-3_35",
language = "English",
isbn = "9783031744426",
series = "Lecture Notes in Networks and Systems",
publisher = "Springer Science and Business Media Deutschland GmbH",
pages = "605--624",
editor = "Nitin Naik and Paul Grace and Paul Jenkins and Shaligram Prajapat",
booktitle = "Contributions Presented at The International Conference on Computing, Communication, Cybersecurity and AI - The C3AI 2024",
}