IIC Journal of Innovation 9th Edition | Page 122

The Resilience Model Supporting IIoT System Trustworthiness The National Institute of Standards and Technology (NIST) Guide to Industrial Control Systems Security 4 gives a good explanation of typical differences between an IT system and an industrial control system, which is a kind of IIoT system. These differences eventually result in varying implementation approaches to the resilience aspects. Moreover, different IIoT systems make their own interpretation of resilience by requiring enforcement of specific physical or cyber constraints. I NTRODUCTION Shifting the focus from security to trustworthiness, survivability, dependability and similar concepts characterizing IIoT system behavior is one of the current trends. These concepts determine the varying sets of basic characteristics and requirements for the IIoT system such as security, safety, reliability and others. The complicated concepts must also address the dependencies and inconsistencies of the separate aspects of IIoT system behavior. 1, 2, According to the definition given in the Draft NIST Special Publication on Systems Security Engineering Cyber Resiliency Considerations for the Engineering of Trustworthy Secure Systems, 5 “cyber resiliency is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources regardless of the source.” 3 The main objective of this research is to understand and clearly describe the place and role of cyber resilience in support of the mentioned concepts. The approach to the research is the initial analysis of definitions and further investigation of their connections using the semiformal model of the IIoT system behavior. According to the Industrial Internet Consortium (IIC) Industrial Internet Security Differences between the typical IT system and IIoT system require a particular attention during modeling system behavior. 1 F. Schneider, ed. Trust in Cyberspace. Nat’l Academy Press, 1999 2 A. Avizienis, Jean-Claude Laprie, B. Randell, and C. Landwehr. Basic Concepts and Taxonomy of Dependable and Secure Computing. IEEE Transactions on dependable and secure computing, Vol. 1, № 1, January-March 2004 3 Q. Zhang, A. King, F. Hirsch, S. Kort. Key Safety Challenges for the IIoT. An Industrial Internet Consortium Technical White Paper, 2018. https://www.iiconsortium.org/pdf/Key_Safety_Challenges_for_the_IIoT.pdf 4 Keith Stouffer, Suzanne Lightman, Victoria Pillitteri, Marshall Abrams, and Adam Hahn. NIST Special Publication 800-82 Rev.2. Guide to Industrial Control Systems (ICS) Security. National Institute of Standards and Technology, U.S. Department of Commerce, 2015. https://doi.org/10.6028/NIST.SP.800-82r2 5 R. Ross, R. Graubart, D. Bodeau, and R. Mcquaid. Draft NIST Special Publication 800-160 VOLUME 2. Systems Security Engineering Cyber Resiliency Considerations for the Engineering of Trustworthy Secure Systems. National Institute of Standards and Technology, U.S. Department of Commerce, 2018. https://csrc.nist.gov/CSRC/media/Publications/sp/800-160/vol- 2/draft/documents/sp800-160-vol2-draft.pdf - 117 - IIC Journal of Innovation