The Resilience Model Supporting IIoT System Trustworthiness
∀t∀s i ∃R ∗ ≠ R : P ( U ( F < ST , C , R ∗ > ( D x , D SIoT )( t ), Z ) = TRUE An example of resource adaptation is increasing the resources to mitigate a DDoS attack . e ) Environment adaptation ∀t∀s i ∃ ( D x , D SIoT ) ∗ ≠ ( D x , D SIoT ) ∶ P ( U ( F < ST , C , К > ( D x , D SIoT ) ∗ ( t ), Z ) = TRUE The system may be put into a restricted environment or an environment with different characteristics ( such as a virtual machine ), or the source of the disturbance may be removed from the environment .
Recover is to restore the mission or business functions during and after adversity .
In case the system , due to its exposure to adverse conditions , cannot restore its execution during some period of time , we consider its capability to recover after this period :
∀t∀s i ∃T RES : P ( Y ( t ), Z ∗ ) = TRUE , P ( Y ( t + T RES ), Z )
The recovery problem focuses on optimizing the restoration period T RES → min . It may be implemented by temporarily adjusting the parameters for the generic control function F ; changing control algorithms , parameters of control and employing extra resources until conditions normalize .
According to the considered interpretation of the resilience goals , the following highlevel metrics for cyber resilience may be proposed in terms of the model :
- |
T ad , the time period during which the |
system is capable of withstanding the |
adversity , |
- |
T suc , the time period during which |
the system does not satisfy the set of |
essential requirements because of |
adversity , and |
- |
T RES , the time period during which |
the system is capable of restoring its |
functioning |
during |
and / or |
after |
adversity . |
|
|
|
Classification of Resilience Techniques and Approaches
The Draft NIST Special Publication 800-160 VOLUME 2 considers the resilience approaches : Adaptive Response ( AR 14 ), Analytic Monitoring ( AM ), Coordinated Defense ( CD ), Deception ( De ), Diversity ( Di ), Dynamic Positioning ( DP ), Dynamic Representation ( DR ), Non-Persistence ( NP ), Privilege Restriction ( PR ), Realignment ( Ra ), Redundancy ( Re ), Segmentation ( Se ), Substantiated Integrity ( SI ), Unpredictability ( Up ). Let ’ s consider this list using the proposed model from the perspective of choosing the approaches and techniques according to existing constraints .
Applying a technique or approach from the list requires accountability of some characteristics and may entail a change in one or more parameters of the predicate P
14
This and the following acronyms for the approaches are not defined in the Draft NIST Special Publication 800-160 VOLUME 2 . We introduce them here to use further in the table .
- 125 - IIC Journal of Innovation