The Resilience Model Supporting IIoT System Trustworthiness
transform these data according to the processing algorithm.
If the data obtained from sensors are inappropriate, or the sensors are incapable of providing valuable indicators of adverse conditions, system resilience may be compromised because the decision of the monitoring mechanism is irrelevant to the real system state. An example is the event in Maroochy, Australia, in 2000.[13] The event was an intentional, targeted attack by a knowledgeable person on an industrial control system. To conduct this attack and make the consequences of the failure more serious, the attacker suppressed and tampered with the data from the sensors, so that the attack was not revealed.
The following formal assumption supports the resilience aspect from the perspective of accountability and monitoring:
Assumption. The basic condition for providing IIoT System Resilience. For any system state and any adverse condition, stress, attack or compromise, the functions transforming Process Input, Process Output and Environmental data to their IT representation remain unchanged.
This assumption must be valid if resilience is provided on the basis of monitoring. At the same time, it can be described in general only using higher-order predicates. This makes the corresponding evaluation problem unsolvable in a formal way. The relevance of the control data in the IT context to the real physical values is usually supported by the technical engineering and design approach.
Let's formally describe the control process from the perspective of the interaction of OT and IT. The generalized function U represents the appropriate generalized control function F represented in the IT context.
Control function $F: (ST, C, R, D_x, D_{SIoT}) \rightarrow D_y \quad (1)$
Apart from the data, it depends on the following arguments:
ST – algorithmic structure of the functions; the set of algorithms determining how the process works (control algorithms, request handling, etc.)
C – the set of parameters for the algorithms (trigger values, default mode, etc.)
R – system resources used to perform the operations.
The output of control functions based on fixed algorithms, parameters and resources depends only on the sensor data and the environment.
$F = F\langle ST, C, R \rangle$
From (1) we have the following parametrized function:
$D_y = F(D_x, D_{SIoT}) \quad (2)$
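The parametrization in (1) and (2) and the basic condition for resilience can be made concrete with a small simulation. This Python sketch is an added example, not part of the original paper: the tank-level process, the thresholds and all function names are assumptions constructed for illustration. It fixes ST, C and R once, then runs the same F over a faithful and a changed sensor-to-IT transformation.

```python
from typing import Callable, Dict, List, Tuple

Transform = Callable[[float], float]  # physical value -> IT representation

def make_control(st, c: Dict[str, float], r: Dict[str, int]):
    """Fix ST, C and R to get F<ST,C,R>; what remains is D_y = F(D_x, D_SIoT)."""
    def F(d_x: float, d_siot: float) -> Dict[str, bool]:
        return st(c, r, d_x, d_siot)
    return F

def level_algorithm(c, r, d_x, d_siot) -> Dict[str, bool]:
    """ST (constructed): pump above a trigger level, alarm above a higher one."""
    pump = r["pumps"] > 0 and (d_siot >= c["pump_on_m"] or d_x > c["max_inflow"])
    return {"pump_on": pump, "alarm": d_siot >= c["alarm_m"]}

def honest(level_m: float) -> float:
    return round(level_m, 2)            # transformation as designed

def tampered(level_m: float) -> float:
    return min(round(level_m, 2), 1.0)  # changed: readings above 1.0 m suppressed

def simulate(F, transform: Transform, inflow: float, steps: int) -> List[Tuple[float, bool]]:
    """Fill a tank step by step; return (real level in m, alarm raised) per step."""
    level, trace = 0.5, []
    for _ in range(steps):
        d_y = F(inflow, transform(level))          # F only ever sees IT data
        level += inflow - (0.2 if d_y["pump_on"] else 0.0)
        trace.append((round(level, 2), d_y["alarm"]))
    return trace

def transform_unchanged(transform: Transform, reference: List[float], tol: float = 0.01) -> bool:
    """Engineering spot check: known reference levels must map to themselves."""
    return all(abs(transform(x) - x) <= tol for x in reference)

# Constructed parameters C and resources R; F is identical in both runs below.
C = {"pump_on_m": 1.5, "alarm_m": 2.0, "max_inflow": 1.0}
R = {"pumps": 1}
F = make_control(level_algorithm, C, R)

if __name__ == "__main__":
    for name, t in (("honest", honest), ("tampered", tampered)):
        trace = simulate(F, t, inflow=0.3, steps=12)
        print(name, "final level:", trace[-1][0], "alarm seen:", any(a for _, a in trace),
              "spot check passed:", transform_unchanged(t, [0.5, 1.5, 2.5]))
```

With the changed transformation, ST, C and R are untouched and F still computes (2) correctly, yet the real level passes the alarm threshold without any alarm; only the reference-point check on the transformation itself exposes the difference.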
Process Output depends on the Process Input and feedback from equipment (if the operation was performed successfully, etc.):
[13] Marshall Abrams and Joe Weiss. Malicious Control System Cyber Security Attack Case Study – Maroochy Water Services, Australia. August 2008. https://www.mitre.org/sites/default/files/pdf/08_1145.pdf
September 2018- 122-