Cybersafety: A System-theoretic Approach to Identify Cyber-vulnerabilities & Mitigations in Industrial Control Systems

Abstract

Recent cyber-physical attacks, such as Stuxnet, Triton etc., have invoked an ominous realization about the lethality of such attacks and the vulnerability of critical infrastructure, including power, gas and water distribution systems. Traditional IT security-biased protection methods that narrowly focus on improving cyber hygiene are largely impotent in the face of targeted attacks by advanced cyber-adversaries. Thus, there is an urgent need to analyze the safety and security of critical infrastructure systems in an integrated, holistic fashion that leverages the physics of the cyber-physical system. System-Theoretic Accident Model & Processes (STAMP) offers a powerful, holistic, structured framework to analyze complex systems; hitherto, STAMP has been used extensively to perform safety analyses but an integrated safety and cyber-security analysis of industrial control systems (ICS) has not been published. This paper uses an actual electrical generation and distribution system of an archetypal industrial facility to demonstrate the application of a STAMP-based method – we call Cyber-safety – to identify and mitigate cyber-related vulnerabilities in ICS. The key contribution of this work is to differentiate the additional steps required to perform a holistic cyber-security analysis for an ICS of significant size and complexity and to present the analysis in a robust and structured format such that it can be emulated to analyze larger systems with many interdependent subsystems.