The Resilience Model Supporting IIoT System Trustworthiness
Now, to identify the appropriate technique and approach for enhancing system resilience, the stakeholders must consider which of the IIoT system characteristics may be varied during the design phase. When the system is functioning, feasibility analysis is applied to consider the appropriate algorithms, technologies and implementation options.
The following case studies illustrate how this method is applied:
Case study 1. Increasing the resilience of the data historian in an industrial network to external impact
Case study 2. Increasing the resilience of an e-commerce website to DDoS attacks
While these case studies seem similar, the tactics for protecting them against malicious impact differ.
This is primarily due to the nature of the associated risks. The impact on the data historian is linked either to occasional events or to attempts to compromise the control equipment. The data historian server is unlikely to be an economically attractive target for a targeted attack. At the same time, the data historian may be a target for a rogue person trying to sabotage the control process. Thus, some effort is required to provide resilient execution of the functions implemented by the data historian.
Among the factors that influence the ways to enhance resilience for this case study, the following may change: the algorithmic structure of the monitoring functions (ST), the set of parameters for the algorithms (C) and the system resources used to perform the operations (R). Input data (monitoring data from the control equipment), environment and criteria for resilient execution cannot change.
The data historian server in the industrial network is usually placed in the demilitarized zone, a network segment behind the perimeter of the subnetwork containing the control equipment. This zone is also separated from the corporate network connected to the Internet but can be reached from specific computers in that network. When properly implemented, this best practice also facilitates the resilience of the data historian server, but the server still remains exposed to attacks via these specific computers. Changing the algorithmic structure of the monitoring functions and the parameters for these functions to implement self-monitoring may help to reveal the attacks. Installing a secondary data historian server and taking periodic backups are ways of enhancing the resilience of monitoring the control process by allocating extra resources (R).
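The three variable factors can be sketched in a few lines of Python. This is an added example, not code from the original article: the tag names, the thresholds in Params and the sample records are constructed assumptions. Self-monitoring (ST) checks each historian's record for gaps and staleness, the thresholds are the parameters (C), and the secondary historian is the extra resource (R) consulted when the primary fails its check.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Params:                    # C: algorithm parameters (assumed values)
    max_gap_s: float = 5.0       # longest tolerated silence within one tag
    max_stale_s: float = 10.0    # newest sample may be at most this old

def self_check(samples, expected_tags, now, p=Params()):
    """ST: self-monitoring over one historian's stored record.
    samples is a list of (timestamp_s, tag, value); returns a list of findings."""
    findings, by_tag = [], {t: [] for t in expected_tags}
    for ts, tag, _value in samples:
        if tag in by_tag:
            by_tag[tag].append(ts)
        else:
            findings.append(f"unexpected tag {tag}")
    for tag, stamps in by_tag.items():
        if not stamps:
            findings.append(f"{tag}: no data")
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if gaps and max(gaps) > p.max_gap_s:
            findings.append(f"{tag}: gap of {max(gaps):.0f}s")
        if now - stamps[-1] > p.max_stale_s:
            findings.append(f"{tag}: stale by {now - stamps[-1]:.0f}s")
    return findings

def select_source(primary, secondary, expected_tags, now, p=Params()):
    """R: fall back to the secondary historian when the primary fails its check."""
    primary_findings = self_check(primary, expected_tags, now, p)
    if not primary_findings:
        return "primary", primary_findings
    if not self_check(secondary, expected_tags, now, p):
        return "secondary", primary_findings
    return "none", primary_findings

# Constructed sample data: two tags sampled every 2 s for 20 s.
TAGS = ["PT-101", "FT-202"]
SECONDARY = [(t, tag, 1.0) for tag in TAGS for t in range(0, 21, 2)]
# The primary lost FT-202 between t=4 and t=16 (a 12 s hole in the record).
PRIMARY = [s for s in SECONDARY if not (s[1] == "FT-202" and 4 < s[0] < 16)]

if __name__ == "__main__":
    print(select_source(PRIMARY, SECONDARY, TAGS, now=20))
```

The findings list is what an operator or alerting rule would act on; a gap in one tag while others keep flowing is the kind of signal that distinguishes selective tampering or a failed collector from a full outage.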
This is the simple case, but the second one is much more complicated. Most attacks have financial underpinnings, so e-commerce websites, such as payment systems, are a likely target for many threats. Among these threats, we specifically consider DDoS attacks, which may be implemented at different layers. The first level is L2, linked to the depletion of channel capacity (any flood attacks, implemented, for example, through amplification of ICMP, NTP, DNS or other requests). The second level is L3; attacks at this level influence the functioning of the network infrastructure.
September 2018