Environmental Engineering Reference
In-Depth Information
FUTURE RESEARCH DIRECTIONS
countermeasure application towards
i
-th attack
type;
c
i,j
is costs of j-th countermeasure application
in order to decrease criticality of
i
-th attack;
a
i
is
a weighting coefficient of
i
-th attack.
To solve the formulated problem, one of
discrete programming methods can be used, for
example, branch and bound method.
The future research directions are the following:
• Development of a tool that supports gap-
IMECA-based approach.
•
Implementation of tool-based calculation
of metrics used in choosing the optimal set
of applicable security countermeasures.
Solution and Recommendations
A problem of security assessment and assurance
for safety important I&C systems is still chal-
lenging due to the fact that such systems consist
of interconnected complex components with dif-
ferent functions and different nature; moreover,
the majority of modern I&C systems are being
FPGA-based, hence, it is impossible to perform
their assessment without consideration of all the
special features for all the technologies used.
To assure cyber security of safety important
I&C systems, as well as to decrease a probability
of vulnerabilities exploitation and appearance of
security breaches, a cyber security assessment
approach is proposed. This approach implies
identification of all possible discrepancies, on
the basis of product and life cycle processes, and
their assessment via application of IMECA tech-
nique. The proposed approach is based on both
gap conception and IMECA technique. Such an
approach is applicable in assessment of various
aspects of safety important I&C systems, since it
considers process-product model to reveal all the
process discrepancies that can potentially result
in product anomalies.
Next important steps of research and develop-
ment activities, related to assurance of security for
safety important I&C systems, may be connected
with creation and implementation of tool-based
support for the proposed approach, taking into
account results of qualitative and quantitative
assessment.
CONCLUSION
The assessment of safety important I&C systems
security, as well as further assurance of such at-
tribute, is very important and challenging problem,
in terms of both regulations and their consequent
implementation. This chapter discusses some
problems related to assessment of security as-
pects of safety critical, including FPGA-based,
I&C systems.
Proposed here main elements of the approach
to cyber security assurance allows decreasing a
probability of vulnerabilities exploitation and
appearance of security weaknesses in safety
important I&C systems. Thus, approach implies
conducting of gap analysis, based on identifica-
tion of all possible vulnerabilities, on the basis
of product and life cycle processes, and their as-
sessment via application of IMECA technique.
The proposed approach and technique were
applied to cyber security assessment of RadICS
FPGA-based I&C platform developed by Research
and Production Corporation Radiy. Furthermore,
gap-and-IMECA-based technique was applied in
development of a company standard in Research
and Production Corporation Radiy that is harmo-
nized with international standards. This standard
is used during implementation of development
and verification activities for safety-critical I&C
systems for nuclear power plants.
Search WWH ::
Custom Search