IIC Journal of Innovation 9th Edition | Page 129

The Resilience Model Supporting IIoT System Trustworthiness
Anticipate is to maintain a state of informed preparedness for adversity.
The need for preparedness for adverse conditions should be addressed by assurance on the proper choice of one or more parameters for the generic control function $F$: control algorithms, parameters of control and the available resources. Assurance on control algorithms means the verification of their behavior against adversity. Assurance of parameters and resources means checking their adequacy and sufficiency for supporting that behavior.
Maintaining the state of informed preparedness requires situational awareness based on the indicators of possible compromise. For this purpose, validation of input data $D_x$ and monitoring of environmental data $D_S$ should be performed continuously.
Withstand is to continue the essential mission or business functions despite adversity.
The violation of requirements for continuous mission execution means that the predicate $P$ is FALSE for some period of time.
$$\exists ad_i,\ \exists T_{ad} : P(Y(T_{ad}), Z) = \text{FALSE}$$
To support the required property we need to reduce the time period $T_{ad}$. Thus, supporting resilient execution becomes the optimization problem $T_{ad} \to \min$. This approach to system resilience by withstanding the adverse conditions is best illustrated by the interpretation, referred to earlier, of resilience through the quality of service.
Adapt is to modify the mission or business functions and/or supporting capabilities to predicted changes in the technical, operational or threat environments. Adaptation may be required when the attack is successful:
$$\exists ad_i,\ \exists T_{suc} : P(Y(T_{suc}), Z^*) = \text{FALSE}$$
$T_{suc}$ is the time period to be reduced, $T_{suc} \to \min$. During this period the current system behavior does not satisfy $Z^*$.
Adaptation helps to withstand the adverse conditions and recover in minimal time (for example, by changing the parameters of the generic control function $F$) but it also leaves the system in a configuration better prepared for further adversity.
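The following added example (not part of the original paper) measures the periods in which $P$ is FALSE over a sampled output trace, once against a full requirement set $Z$ and once against a smaller set $Z^*$. It assumes that $P$ is the conjunction of the individual requirements and that $Y(t)$ is available as timestamped samples; the pump signals, thresholds and function names are constructed for illustration.

```python
from typing import Callable, Dict, List, Tuple

Output = Dict[str, float]                      # one sample of Y(t)
Requirements = Dict[str, Callable[[Output], bool]]

def P(y: Output, Z: Requirements) -> bool:
    """Predicate P(Y(t), Z): TRUE only if every requirement in Z holds."""
    return all(req(y) for req in Z.values())

def violation_windows(trace: List[Tuple[float, Output]],
                      Z: Requirements) -> List[Tuple[float, float]]:
    """Intervals (start, end) during which P(Y(t), Z) is FALSE.

    A window opens at the first failing sample and closes at the next
    passing sample. A violation still open when the trace ends is closed
    at the last timestamp, so it is reported as a lower bound.
    """
    windows, start = [], None
    for t, y in trace:
        ok = P(y, Z)
        if not ok and start is None:
            start = t
        elif ok and start is not None:
            windows.append((start, t))
            start = None
    if start is not None:
        windows.append((start, trace[-1][0]))
    return windows

def total_violation_time(trace, Z) -> float:
    """Total time with P = FALSE, the quantity the model seeks to minimize."""
    return sum(end - start for start, end in violation_windows(trace, Z))

# Constructed requirement sets: Z is the full set, Z_STAR an assumed subset.
Z: Requirements = {
    "pressure": lambda y: 2.0 <= y["pressure_bar"] <= 6.0,
    "latency": lambda y: y["latency_ms"] <= 200,
}
Z_STAR: Requirements = {"pressure": Z["pressure"]}

# Constructed trace of (t in seconds, Y(t)).
TRACE = [
    (0.0, {"pressure_bar": 4.0, "latency_ms": 50}),
    (1.0, {"pressure_bar": 4.1, "latency_ms": 900}),  # latency degrades
    (2.0, {"pressure_bar": 6.8, "latency_ms": 950}),  # pressure out of range
    (3.0, {"pressure_bar": 5.5, "latency_ms": 800}),  # pressure back in range
    (4.0, {"pressure_bar": 4.2, "latency_ms": 120}),  # all requirements hold
    (5.0, {"pressure_bar": 4.0, "latency_ms": 60}),
]

if __name__ == "__main__":
    print("against Z :", violation_windows(TRACE, Z), total_violation_time(TRACE, Z))
    print("against Z*:", violation_windows(TRACE, Z_STAR), total_violation_time(TRACE, Z_STAR))
```

On this trace the violation against $Z$ spans three seconds while the violation against $Z^*$ spans one, which shows how the measured period depends on the requirement set the predicate is evaluated against.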
A variety of adaptations may enhance resilience, including:
a) Adaptation of requirements: $\forall t\, \forall s_i\ P(Y(t), Z^*) = \text{TRUE}$; the set of requirements may be reduced to the set of essential requirements, the minimal set for which system functioning remains satisfactory.
b) Parametric adaptation: $\forall t\, \forall s_i\ \exists C^* \neq C : P(U(F\langle ST, C^*, R\rangle(D_x, D_{SIoT})(t), Z) = \text{TRUE}$; the set of parameters determining how the system functions may be changed.
c) Algorithmic adaptation: $\forall t\, \forall s_i\ \exists ST^* \neq ST : P(U(F\langle ST^*, C, R\rangle(D_x, D_{SIoT})(t), Z) = \text{TRUE}$; the algorithms of the process control may be changed.
d) Resource adaptation
September 2018