Penetration Testing of Newly-Deployed Industrial Control Systems

Shaymaa Mamdouh Khalil; Hayretdin Bahsi; Tarmo Korotko

doi:10.1007/978-3-032-11914-8_2

Penetration Testing of Newly-Deployed Industrial Control Systems

Shaymaa Mamdouh Khalil
, Hayretdin Bahsi
, Tarmo Korotko

Informatics, Computing, and Cyber Systems, School of

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

Penetration testing is a security practice that proactively discovers and assesses the potential exploitation of system vulnerabilities by simulating real-world attacks. Penetration testing of industrial control systems is a complex, time-consuming and demanding process requiring expertise in information technology and operational technology systems. Effective penetration test planning is crucial to prioritizing activities and optimizing time and resources. This chapter describes a seven-stage methodology for penetration testing newly-deployed industrial control systems and demonstrates its practical application using a real-world case study of a newly-designed microgrid system. The methodology leverages threat modeling outcomes from the design phase to define the penetration testing scope and guide test choices, leading to an efficient testing process. Furthermore, it engages a novel MITRE ATT&CK to STRIDE mapping, which bridges the design phase that focuses on high-level threats and the planning phase that employs medium-level granularity. The methodology benefits security practitioners by enhancing planning efficiency and streamlining collaboration with third-party penetration testers. The methodology in conjunction with the MITRE ATT&CK to STRIDE mapping can be used to develop detailed, effective and efficient industrial control system penetration testing efforts.

Original language	English (US)
Title of host publication	Critical Infrastructure Protection XIX - 19th IFIP WG 11.10 International Conference, ICCIP 2025, Revised Selected Papers
Editors	Jason Staggs, Sujeet Shenoi
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	25-48
Number of pages	24
ISBN (Print)	9783032119131
DOIs	https://doi.org/10.1007/978-3-032-11914-8_2
State	Published - 2026
Event	19th IFIP WG 11.10 International Conference on Critical Infrastructure Protection, ICCIP 2025 - Arlington, United States Duration: Mar 17 2025 → Mar 18 2025

Publication series

Name	IFIP Advances in Information and Communication Technology
Volume	763 IFIPAICT
ISSN (Print)	1868-4238
ISSN (Electronic)	1868-422X

Conference

Conference	19th IFIP WG 11.10 International Conference on Critical Infrastructure Protection, ICCIP 2025
Country/Territory	United States
City	Arlington
Period	3/17/25 → 3/18/25

Keywords

Industrial Control System
Microgrid
MITRE ATT&CK
Penetration Testing
STRIDE
Threat Modeling

ASJC Scopus subject areas

Information Systems and Management

Access to Document

10.1007/978-3-032-11914-8_2

Cite this

Khalil, S. M., Bahsi, H., & Korotko, T. (2026). Penetration Testing of Newly-Deployed Industrial Control Systems. In J. Staggs, & S. Shenoi (Eds.), Critical Infrastructure Protection XIX - 19th IFIP WG 11.10 International Conference, ICCIP 2025, Revised Selected Papers (pp. 25-48). (IFIP Advances in Information and Communication Technology; Vol. 763 IFIPAICT). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-032-11914-8_2

Penetration Testing of Newly-Deployed Industrial Control Systems. / Khalil, Shaymaa Mamdouh; Bahsi, Hayretdin; Korotko, Tarmo.
Critical Infrastructure Protection XIX - 19th IFIP WG 11.10 International Conference, ICCIP 2025, Revised Selected Papers. ed. / Jason Staggs; Sujeet Shenoi. Springer Science and Business Media Deutschland GmbH, 2026. p. 25-48 (IFIP Advances in Information and Communication Technology; Vol. 763 IFIPAICT).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Khalil, SM, Bahsi, H & Korotko, T 2026, Penetration Testing of Newly-Deployed Industrial Control Systems. in J Staggs & S Shenoi (eds), Critical Infrastructure Protection XIX - 19th IFIP WG 11.10 International Conference, ICCIP 2025, Revised Selected Papers. IFIP Advances in Information and Communication Technology, vol. 763 IFIPAICT, Springer Science and Business Media Deutschland GmbH, pp. 25-48, 19th IFIP WG 11.10 International Conference on Critical Infrastructure Protection, ICCIP 2025, Arlington, United States, 3/17/25. https://doi.org/10.1007/978-3-032-11914-8_2

Khalil SM, Bahsi H, Korotko T. Penetration Testing of Newly-Deployed Industrial Control Systems. In Staggs J, Shenoi S, editors, Critical Infrastructure Protection XIX - 19th IFIP WG 11.10 International Conference, ICCIP 2025, Revised Selected Papers. Springer Science and Business Media Deutschland GmbH. 2026. p. 25-48. (IFIP Advances in Information and Communication Technology). doi: 10.1007/978-3-032-11914-8_2

Khalil, Shaymaa Mamdouh ; Bahsi, Hayretdin ; Korotko, Tarmo. / Penetration Testing of Newly-Deployed Industrial Control Systems. Critical Infrastructure Protection XIX - 19th IFIP WG 11.10 International Conference, ICCIP 2025, Revised Selected Papers. editor / Jason Staggs ; Sujeet Shenoi. Springer Science and Business Media Deutschland GmbH, 2026. pp. 25-48 (IFIP Advances in Information and Communication Technology).

@inproceedings{deef66b947e644988b4265ed3d30efc2,

title = "Penetration Testing of Newly-Deployed Industrial Control Systems",

abstract = "Penetration testing is a security practice that proactively discovers and assesses the potential exploitation of system vulnerabilities by simulating real-world attacks. Penetration testing of industrial control systems is a complex, time-consuming and demanding process requiring expertise in information technology and operational technology systems. Effective penetration test planning is crucial to prioritizing activities and optimizing time and resources. This chapter describes a seven-stage methodology for penetration testing newly-deployed industrial control systems and demonstrates its practical application using a real-world case study of a newly-designed microgrid system. The methodology leverages threat modeling outcomes from the design phase to define the penetration testing scope and guide test choices, leading to an efficient testing process. Furthermore, it engages a novel MITRE ATT\&CK to STRIDE mapping, which bridges the design phase that focuses on high-level threats and the planning phase that employs medium-level granularity. The methodology benefits security practitioners by enhancing planning efficiency and streamlining collaboration with third-party penetration testers. The methodology in conjunction with the MITRE ATT\&CK to STRIDE mapping can be used to develop detailed, effective and efficient industrial control system penetration testing efforts.",

keywords = "Industrial Control System, Microgrid, MITRE ATT\&CK, Penetration Testing, STRIDE, Threat Modeling",

author = "Khalil, \{Shaymaa Mamdouh\} and Hayretdin Bahsi and Tarmo Korotko",

note = "Publisher Copyright: {\textcopyright} IFIP International Federation for Information Processing 2026.; 19th IFIP WG 11.10 International Conference on Critical Infrastructure Protection, ICCIP 2025 ; Conference date: 17-03-2025 Through 18-03-2025",

year = "2026",

doi = "10.1007/978-3-032-11914-8\_2",

language = "English (US)",

isbn = "9783032119131",

series = "IFIP Advances in Information and Communication Technology",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "25--48",

editor = "Jason Staggs and Sujeet Shenoi",

booktitle = "Critical Infrastructure Protection XIX - 19th IFIP WG 11.10 International Conference, ICCIP 2025, Revised Selected Papers",

address = "Germany",

}

TY - GEN

T1 - Penetration Testing of Newly-Deployed Industrial Control Systems

AU - Khalil, Shaymaa Mamdouh

AU - Bahsi, Hayretdin

AU - Korotko, Tarmo

N1 - Publisher Copyright: © IFIP International Federation for Information Processing 2026.

PY - 2026

Y1 - 2026

N2 - Penetration testing is a security practice that proactively discovers and assesses the potential exploitation of system vulnerabilities by simulating real-world attacks. Penetration testing of industrial control systems is a complex, time-consuming and demanding process requiring expertise in information technology and operational technology systems. Effective penetration test planning is crucial to prioritizing activities and optimizing time and resources. This chapter describes a seven-stage methodology for penetration testing newly-deployed industrial control systems and demonstrates its practical application using a real-world case study of a newly-designed microgrid system. The methodology leverages threat modeling outcomes from the design phase to define the penetration testing scope and guide test choices, leading to an efficient testing process. Furthermore, it engages a novel MITRE ATT&CK to STRIDE mapping, which bridges the design phase that focuses on high-level threats and the planning phase that employs medium-level granularity. The methodology benefits security practitioners by enhancing planning efficiency and streamlining collaboration with third-party penetration testers. The methodology in conjunction with the MITRE ATT&CK to STRIDE mapping can be used to develop detailed, effective and efficient industrial control system penetration testing efforts.

AB - Penetration testing is a security practice that proactively discovers and assesses the potential exploitation of system vulnerabilities by simulating real-world attacks. Penetration testing of industrial control systems is a complex, time-consuming and demanding process requiring expertise in information technology and operational technology systems. Effective penetration test planning is crucial to prioritizing activities and optimizing time and resources. This chapter describes a seven-stage methodology for penetration testing newly-deployed industrial control systems and demonstrates its practical application using a real-world case study of a newly-designed microgrid system. The methodology leverages threat modeling outcomes from the design phase to define the penetration testing scope and guide test choices, leading to an efficient testing process. Furthermore, it engages a novel MITRE ATT&CK to STRIDE mapping, which bridges the design phase that focuses on high-level threats and the planning phase that employs medium-level granularity. The methodology benefits security practitioners by enhancing planning efficiency and streamlining collaboration with third-party penetration testers. The methodology in conjunction with the MITRE ATT&CK to STRIDE mapping can be used to develop detailed, effective and efficient industrial control system penetration testing efforts.

KW - Industrial Control System

KW - Microgrid

KW - MITRE ATT&CK

KW - Penetration Testing

KW - STRIDE

KW - Threat Modeling

UR - https://www.scopus.com/pages/publications/105027593514

UR - https://www.scopus.com/pages/publications/105027593514#tab=citedBy

U2 - 10.1007/978-3-032-11914-8_2

DO - 10.1007/978-3-032-11914-8_2

M3 - Conference contribution

AN - SCOPUS:105027593514

SN - 9783032119131

T3 - IFIP Advances in Information and Communication Technology

SP - 25

EP - 48

BT - Critical Infrastructure Protection XIX - 19th IFIP WG 11.10 International Conference, ICCIP 2025, Revised Selected Papers

A2 - Staggs, Jason

A2 - Shenoi, Sujeet

PB - Springer Science and Business Media Deutschland GmbH

T2 - 19th IFIP WG 11.10 International Conference on Critical Infrastructure Protection, ICCIP 2025

Y2 - 17 March 2025 through 18 March 2025

ER -