AFMT: Maintaining the safety-security of industrial control systems

Abstract

Modern day industrial control systems are overwhelmingly complex. These systems feature intricate interactions between the cyber and the physical components. At the same time, they need to be trustworthy and deliver their services continuously. Underpinning, a crucial industrial activity to ensure the dependability of such critical systems is through timely maintenance, inspections and repairs. Several strategies exist here: “fix it when it breaks” (reactive maintenance), monitor and maintain a system in pre-established time intervals (preventive maintenance), preventive action based upon detected symptoms of failures condition-based maintenance (CBM), etc. In literature, the question of optimal maintenance frequency have been a subject of intense study. However, most papers, do not take information security aspects into account. This paper provides an automated tool-supported quantitative risk analysis framework, Attack-Fault-Maintenance Trees, AFMTs, that will enable practitioners to make informed choice on: (a) identifying the critical component(s) necessary for uninterrupted systems; (b) a decision support system that will provide informed choices on policy measures, countermeasures and safeguards that will reduce the disruptions; (c) run the “what-if” scenarios to find the optimal trade-offs between system attributes (safety, security, usability and maintenance). The front-end of the tool is a domain-specific language geared to represent the system architecture using graphical-constructs. The back-end of the framework remains hidden to the practitioner. It consists of a mathematical engine based on statistical model-checking techniques. A case study of oil-pipeline is used to demonstrate the efficacy of our framework.