상세 보기
- 이수연;
- 최승원;
- 이주락
초록
With the advancement of IT technologies and the increasing external connectivity following the Fourth Industrial Revolution, OT environments have become increasingly sophisticated, leading to greater exposure to a wider range of threats. However, existing discussions on OT security have primarily centered on specific technologies or layers, with empirical attempts to assess vulnerability distribution and risk levels across upper and lower layers remaining relatively scarce. To address this gap, this study selected 195 CISA ICS Advisory cases to which CVSS v4 scores were assigned, classified each case into lower layers (Levels 0–2) or upper layers (Level 3 and above) based on the Purdue model, and compared the cases in terms of frequency and severity. The analysis revealed that lower-layer cases were significantly more numerous than upper-layer cases, and no consistent difference in risk level was observed between the two layers in terms of average CVSS scores or severity distributions, confirming that security risks in OT environments are not confined to upper-layer systems alone. Through these findings, this study sheds light on the risk characteristics of lower-layer systems that have received relatively limited attention, and provides foundational data for establishing OT security priorities and developing vulnerability management strategies.
키워드
- 제목
- Purdue 모델 기반 OT 보안 취약점의 계층별 분포와 위험 수준 분석
- 제목 (타언어)
- A Purdue Model-Based Analysis of OT Vulnerability Distribution and Risk Levels Across Layers
- 저자
- 이수연; 최승원; 이주락
- 발행일
- 2026-03
- 유형
- Y
- 저널명
- 시큐리티연구
- 호
- 86
- 페이지
- 265 ~ 281