
Function–Threat Alignment in CPS with FAST and MITRE ATT&CK

    Abstract: Cyber-physical systems (CPS) in industrial automation increasingly expose operational assets to cyber threats, yet existing security frameworks often fail to account for how functional behaviour, such as sensing, actuation, or parameter control, creates specific risk surfaces. This paper addresses that gap by applying the FAST framework (Functions, Assets, Security Threats, and Mitigation Techniques) to a robotic drilling scenario grounded in publicly documented ABB components. Building on the ISSRM model and Alter’s taxonomy of functions, we align business and system assets with MITRE ATT&CK for ICS tactics to create a structured mapping between operational roles and threat behaviours. The analysis is framed using the RAMI 4.0 architecture and demonstrates how functionally driven threat modelling enhances traceability, reuse, and stakeholder communication. Our contribution is a replicable method for linking functional operations to adversarial tactics, providing a semantically grounded alternative to abstract risk modelling. The resulting artefact enables security practitioners and engineers to prioritise mitigations based on real asset behaviour, supporting scalable and context-aware defence planning.

    Authors: Vjatšeslav Antipenko & Raimundas Matulevičius

    DOI: https://doi.org/10.1007/978-3-032-04375-7_23

    Full Publication