Evaluating Cascading Impact of Attacks on Resilience of Industrial Control Systems: A Design-Centric Modeling Approach
This work addresses security vulnerabilities in industrial control systems, which is critical for infrastructure operators, but it is incremental as it applies existing modeling concepts to a specific domain.
The authors tackled the problem of evaluating the cascading impact of data-oriented attacks on Industrial Control Systems by proposing a design-centric modeling approach, which was validated on a water treatment testbed using metrics like Impact Ratio and Time-to-Critical-State to identify design weaknesses and recommend improvements.
A design-centric modeling approach was proposed to model the behaviour of the physical processes controlled by Industrial Control Systems (ICS) and study the cascading impact of data-oriented attacks. A threat model was used as input to guide the construction of the CPS model where control components which are within the adversary's intent and capabilities are extracted. The relevant control components are subsequently modeled together with their control dependencies and operational design specifications. The approach was demonstrated and validated on a water treatment testbed. Attacks were simulated on the testbed model where its resilience to attacks was evaluated using proposed metrics such as Impact Ratio and Time-to-Critical-State. From the analysis of the attacks, design strengths and weaknesses were identified and design improvements were recommended to increase the testbed's resilience to attacks.