The Resilience Model Supporting IIoT System Trustworthiness
The National Institute of Standards and
Technology (NIST) Guide to Industrial
Control Systems Security 4 gives a good
explanation of typical differences between
an IT system and an industrial control
system, which is a kind of IIoT system. These
differences eventually result in varying
implementation
approaches
to
the
resilience aspects. Moreover, different IIoT
systems make their own interpretation of
resilience by requiring enforcement of
specific physical or cyber constraints.
I NTRODUCTION
Shifting the focus from security to
trustworthiness, survivability, dependability
and similar concepts characterizing IIoT
system behavior is one of the current trends.
These concepts determine the varying sets
of basic characteristics and requirements for
the IIoT system such as security, safety,
reliability and others. The complicated
concepts
must
also
address
the
dependencies and inconsistencies of the
separate aspects of IIoT system behavior. 1, 2,
According to the definition given in the Draft
NIST Special Publication on Systems Security
Engineering Cyber Resiliency Considerations
for the Engineering of Trustworthy Secure
Systems, 5 “cyber resiliency is the ability to
anticipate, withstand, recover from, and
adapt to adverse conditions, stresses,
attacks, or compromises on systems that use
or are enabled by cyber resources regardless
of the source.”
3
The main objective of this research is to
understand and clearly describe the place
and role of cyber resilience in support of the
mentioned concepts. The approach to the
research is the initial analysis of definitions
and further investigation of their
connections using the semiformal model of
the IIoT system behavior.
According to the Industrial Internet
Consortium (IIC) Industrial Internet Security
Differences between the typical IT system
and IIoT system require a particular
attention during modeling system behavior.
1
F. Schneider, ed. Trust in Cyberspace. Nat’l Academy Press, 1999
2
A. Avizienis, Jean-Claude Laprie, B. Randell, and C. Landwehr. Basic Concepts and Taxonomy of Dependable and Secure
Computing. IEEE Transactions on dependable and secure computing, Vol. 1, № 1, January-March 2004
3
Q. Zhang, A. King, F. Hirsch, S. Kort. Key Safety Challenges for the IIoT. An Industrial Internet Consortium Technical White Paper,
2018. https://www.iiconsortium.org/pdf/Key_Safety_Challenges_for_the_IIoT.pdf
4
Keith Stouffer, Suzanne Lightman, Victoria Pillitteri, Marshall Abrams, and Adam Hahn. NIST Special Publication 800-82 Rev.2.
Guide to Industrial Control Systems (ICS) Security. National Institute of Standards and Technology, U.S. Department of Commerce,
2015. https://doi.org/10.6028/NIST.SP.800-82r2
5
R. Ross, R. Graubart, D. Bodeau, and R. Mcquaid. Draft NIST Special Publication 800-160 VOLUME 2. Systems Security
Engineering Cyber Resiliency Considerations for the Engineering of Trustworthy Secure Systems. National Institute of Standards
and Technology, U.S. Department of Commerce, 2018. https://csrc.nist.gov/CSRC/media/Publications/sp/800-160/vol-
2/draft/documents/sp800-160-vol2-draft.pdf
- 117 -
IIC Journal of Innovation