Study Highlights Gaps in Industrial Control System Threat Information Sharing
Researchers examining cyber threats to critical infrastructure reported in December 2025 that current mechanisms for sharing threat information among private firms and government agencies remain insufficient for industrial control system (ICS) operators. The analysis, based on a review of historical incidents and recent advisories, identifies systemic obstacles that impede the exchange of actionable intelligence.
Incident Case Studies
The authors evaluated three high‑profile attacks—Stuxnet, Industroyer, and Triton—to illustrate how fragmented data formats and incomplete reporting have hampered coordinated responses. Each case revealed gaps in documenting adversary techniques and the artifacts they target within control environments.
Procedural Analysis
Using automated natural‑language processing, the study examined 196 procedural examples linked to 79 MITRE ATT&CK techniques across 22 malware families relevant to ICS. This systematic extraction highlighted inconsistencies in how threat observables are described, further complicating cross‑organization sharing.
Recent Vulnerability Advisories
The investigation also incorporated nine vulnerability advisories drawn from the CISA Known Exploited Vulnerabilities (KEV) catalog. Findings showed that many advisories lack the technical depth needed for operators to implement timely mitigations.
Identified Limitations
The authors pinpoint four principal limitations: (i) the absence of a coherent representation for ICS‑specific artifacts in standards such as STIX; (ii) reliance on undocumented proprietary technologies; (iii) insufficient technical detail in vulnerability and incident reports; and (iv) limited accessibility of detailed adversarial technique information.
Recommendations for Standards
To address these issues, the paper proposes extending the STIX Cyber-observable Object (SCO) schema so that it can represent ICS-specific artifacts, the gap noted in limitation (i) above. The authors suggest that adopting these revisions could improve the fidelity of shared intelligence.
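As an added illustration (not code or schema from the paper), the following Python script shows the STIX 2.1 mechanism such a proposal would build on: an `extension-definition` object declares a new observable type, the observable references it, and an indicator can then match on ICS-specific properties instead of only an IP address. The `ics-device` type, its properties, the schema URL and all identifiers are hypothetical and chosen for this example; the validator is a minimal structural check of the kind a sharing platform would run on ingest. Standard library only; runs offline.

```python
"""Added example: a STIX 2.1 bundle with an extension-defined ICS observable.

The "ics-device" type and its properties are hypothetical (NOT the paper's
proposed schema); they demonstrate the extension-definition mechanism only.
"""
import json
import re
import uuid

# Namespace STIX 2.1 specifies for deterministic (UUIDv5) SCO identifiers.
STIX_SCO_NAMESPACE = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")
# Hypothetical identifiers chosen for this example; not from the paper.
ICS_EXT_ID = "extension-definition--9c3a1d0e-2c4f-4f4e-9a6d-1f9a6b0a2d11"
PRODUCER_ID = "identity--3f1b6c52-7f37-4b0e-b5ad-0d2a4c9e8f01"
TS = "2025-12-01T00:00:00.000Z"
ID_RE = re.compile(r"^[a-z0-9][a-z0-9-]*--[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$")
EXTENSION_TYPES = {"new-sdo", "new-sco", "new-sro", "property-extension",
                   "toplevel-property-extension"}


def sco_id(sco_type, contributing):
    """Deterministic SCO id: UUIDv5 over canonical JSON of the id-contributing properties."""
    canonical = json.dumps(contributing, sort_keys=True, separators=(",", ":"))
    return f"{sco_type}--{uuid.uuid5(STIX_SCO_NAMESPACE, canonical)}"


def build_bundle():
    """Return a STIX 2.1 bundle pairing a standard SCO with a hypothetical ICS one."""
    producer = {"type": "identity", "spec_version": "2.1", "id": PRODUCER_ID,
                "created": TS, "modified": TS, "name": "Example ISAC (constructed)",
                "identity_class": "organization"}
    # Declares the new SCO type so consumers can locate its schema instead of
    # guessing at an undocumented custom object.
    ext_def = {"type": "extension-definition", "spec_version": "2.1", "id": ICS_EXT_ID,
               "created_by_ref": PRODUCER_ID, "created": TS, "modified": TS,
               "name": "ICS device observable (hypothetical)",
               "schema": "https://example.org/stix/ics-device-v1.json",  # placeholder URL
               "version": "1.0.0", "extension_types": ["new-sco"]}
    # A standard SCO: roughly all core STIX can say about a controller today.
    addr_props = {"value": "192.0.2.10"}
    addr = {"type": "ipv4-addr", "id": sco_id("ipv4-addr", addr_props), **addr_props}
    # The extension-defined SCO carries the ICS-specific artifacts themselves.
    dev_props = {"vendor": "ExampleCorp", "model": "PLC-1000", "firmware_version": "2.1.0"}
    device = {"type": "ics-device", "id": sco_id("ics-device", dev_props), **dev_props,
              "protocols": ["modbus-tcp"], "ip_ref": addr["id"],
              "extensions": {ICS_EXT_ID: {"extension_type": "new-sco"}}}
    # Detection content can now key on ICS properties rather than only an address.
    indicator = {"type": "indicator", "spec_version": "2.1",
                 "id": "indicator--5d1e4c7a-6b0f-4a1e-8c2d-7e9f0a1b2c3d",
                 "created_by_ref": PRODUCER_ID, "created": TS, "modified": TS,
                 "pattern_type": "stix", "valid_from": TS,
                 "pattern": "[ics-device:vendor = 'ExampleCorp' AND "
                            "ics-device:firmware_version = '2.1.0']"}
    return {"type": "bundle", "id": "bundle--0a1b2c3d-4e5f-4a6b-8c7d-9e0f1a2b3c4d",
            "objects": [producer, ext_def, addr, device, indicator]}


def validate_bundle(bundle):
    """Structural checks to run before ingest. Returns a list of problem strings."""
    problems = []
    objects = bundle.get("objects", [])
    ids = {o.get("id") for o in objects}
    ext_defs = {o["id"]: o for o in objects if o.get("type") == "extension-definition"}
    if bundle.get("type") != "bundle" or not ID_RE.match(bundle.get("id", "")):
        problems.append("bundle: bad type or id")
    for obj in objects:
        oid, otype = obj.get("id", ""), obj.get("type", "")
        if not ID_RE.match(oid) or not oid.startswith(otype + "--"):
            problems.append(f"{oid or '<no id>'}: id does not match type {otype!r}")
        # Every *_ref must resolve inside the bundle; a dangling reference drops
        # exactly the artifact context that incomplete reports already lack.
        for key, val in obj.items():
            if key.endswith("_ref") and val not in ids:
                problems.append(f"{oid}: dangling {key} -> {val}")
        # Extension-defined objects must ship with their definition.
        for ext_id, ext in obj.get("extensions", {}).items():
            if not ext_id.startswith("extension-definition--"):
                continue
            if ext_id not in ext_defs:
                problems.append(f"{oid}: uses undeclared extension {ext_id}")
            elif ext.get("extension_type") not in ext_defs[ext_id].get("extension_types", []):
                problems.append(f"{oid}: extension_type not declared by {ext_id}")
            if ext.get("extension_type") not in EXTENSION_TYPES:
                problems.append(f"{oid}: unknown extension_type {ext.get('extension_type')!r}")
    return problems


if __name__ == "__main__":
    bundle = build_bundle()
    print(json.dumps(bundle, indent=2))
    print("problems:", validate_bundle(bundle))
```

The point of the two observables side by side is that the `ipv4-addr` object is reusable across any STIX consumer but says nothing about the controller behind it, while the extension-defined object carries vendor, model, firmware and protocol but is only interpretable by consumers that can fetch the declared schema; dropping the `extension-definition` from the bundle is the kind of incomplete report the validator flags.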
Broader Implications
By outlining concrete shortcomings and offering a roadmap for standardization, the research seeks to facilitate more effective collaboration between industry and government, ultimately strengthening the resilience of critical infrastructure against evolving cyber threats.
This report is based on the abstract of a research paper published on arXiv as an open-access academic preprint. The full text is available via arXiv.