Project Abstract

CriSisEval is a security evaluation whihc can also be used as a threat modeller. lt was created to assist security analysts in prioritizing the security hardening of vulnerable OT assets within their critical infrastructure networks. The sensitivity of these assets demands a heightened focus on security. While similar tools exist, this solution uniquely incorporates the Exploit Prediction Scoring System (EPSS) to assess the real-time likelihood of vulnerability exploitation. ICS assets are vital components of Critical National Infrastructure. To ensure accuracy in such a sensitive context, the tool was developed using a rigorous V-Model methodology and subjected to extensive testing. Key findings reveal the top 25 most exploited software weaknesses affecting ICS and vulnerabilities with the highest probability of exploitation. This tool aims to bridge the knowledge gap between IT and OT asset security, empowering security architects to identify design-level weaknesses and proactively strengthen critical infrastructure defenses.

Keywords: Cyber Security, Industrial Control Systems, Critical Systems Threat Evaluation

 Conference Details

Session: Poster Session A at Poster Stand 73

Location: Sir Stanley Clarke Auditorium at Tuesday 7th 13:30 – 17:00

Markers: Hoang Nga Nguyen, Bertie Muller

Course: BSc Computer Science FI, 3rd Year

Future Plans: I’m looking for work