The Resilience Model Supporting IIoT System Trustworthiness
∀t∀s i ∃R ∗ ≠ R: P( U( F < ST, C, R ∗ >( D x, D SIoT)( t), Z) = TRUE An example of resource adaptation is increasing the resources to mitigate a DDoS attack. e) Environment adaptation ∀t∀s i ∃( D x, D SIoT) ∗ ≠( D x, D SIoT) ∶ P( U( F < ST, C, К >( D x, D SIoT) ∗( t), Z) = TRUE The system may be put into a restricted environment or an environment with different characteristics( such as a virtual machine), or the source of the disturbance may be removed from the environment.
Recover is to restore the mission or business functions during and after adversity.
In case the system, due to its exposure to adverse conditions, cannot restore its execution during some period of time, we consider its capability to recover after this period:
∀t∀s i ∃T RES: P( Y( t), Z ∗) = TRUE, P( Y( t + T RES), Z)
The recovery problem focuses on optimizing the restoration period T RES → min. It may be implemented by temporarily adjusting the parameters for the generic control function F; changing control algorithms, parameters of control and employing extra resources until conditions normalize.
According to the considered interpretation of the resilience goals, the following highlevel metrics for cyber resilience may be proposed in terms of the model:
- |
T ad, the time period during which the |
system is capable of withstanding the |
adversity, |
- |
T suc, the time period during which |
the system does not satisfy the set of |
essential requirements because of |
adversity, and |
- |
T RES, the time period during which |
the system is capable of restoring its |
functioning |
during |
and / or |
after |
adversity. |
|
|
|
Classification of Resilience Techniques and Approaches
The Draft NIST Special Publication 800-160 VOLUME 2 considers the resilience approaches: Adaptive Response( AR 14), Analytic Monitoring( AM), Coordinated Defense( CD), Deception( De), Diversity( Di), Dynamic Positioning( DP), Dynamic Representation( DR), Non-Persistence( NP), Privilege Restriction( PR), Realignment( Ra), Redundancy( Re), Segmentation( Se), Substantiated Integrity( SI), Unpredictability( Up). Let’ s consider this list using the proposed model from the perspective of choosing the approaches and techniques according to existing constraints.
Applying a technique or approach from the list requires accountability of some characteristics and may entail a change in one or more parameters of the predicate P
14
This and the following acronyms for the approaches are not defined in the Draft NIST Special Publication 800-160 VOLUME 2. We introduce them here to use further in the table.
- 125- IIC Journal of Innovation