Summary
This white paper presents a comprehensive definition of Industrial Control Systems (ICS) malware, outlining its three essential properties: ICS-capability, malicious intent, and the potential for adverse effects on operational technology (OT) environments. The document explains that ICS malware is specifically designed to interact with ICS systems and cause harm. It discusses the evolution of ICS malware, starting with the Stuxnet incident and highlighting subsequent examples such as TRISIS and FrostyGoop. The paper emphasizes the importance of distinguishing ICS malware from other cyber threats targeting OT environments, noting that while there are numerous threats, only a small subset qualifies as ICS malware. The author provides case studies to illustrate how the defined properties can be applied in real-world scenarios, facilitating better identification and understanding of ICS malware. This definition aims to enhance threat intelligence efforts and improve defensive strategies against potential ICS malware attacks.
