The rapid digitalization of industrial environments and the increasing convergence of Information Technology (IT) and Operational Technology (OT) have transformed traditional Industrial Control Systems (ICS) into complex Cyber-Physical Systems (CPS). While this evolution enables unprecedented levels of efficiency and automation, it exposes critical infrastructures to a sophisticated and heterogeneous threat landscape where attacks can propagate beyond digital assets to cause production disruptions. Despite the sector’s criticality, current literature suffers from methodological fragmentation; most studies rely on empirical enumeration or ad-hoc processes, lacking structured frameworks for threat identification. This paper addresses this gap by presenting a Systematic Literature Review (SLR) designed to establish a formalized knowledge base for ICS threat modeling. Through a rigorous search of 913 scientific publications, we identified the most relevant contributions to threat definition. The primary contribution of this work is the development of a comprehensive ICS Threat Catalogue, which systematically classifies 87 distinct threats. These threats are mapped to specific assets and communication protocols, aligned with the Purdue Enterprise Reference Architecture. By integrating these findings into a graph-based modeling approach, we leveraged an automated methodology for generating threat models and penetration testing plans. The effectiveness of the catalogue was validated through a Smart Manufacturing case study, where the approach successfully identified 481 potential threats and generated 319 attack plans, demonstrating the practical impact of threat analysis and operational security assessment.
Granata et al. (Fri,) studied this question.