Visible to the public ICS-CRAT: A Cyber Resilience Assessment Tool for Industrial Control Systems

TitleICS-CRAT: A Cyber Resilience Assessment Tool for Industrial Control Systems
Publication TypeConference Paper
Year of Publication2019
AuthorsHaque, Md Ariful, Shetty, Sachin, Krishnappa, Bheshaj
Conference Name2019 IEEE 5th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS)
Keywordsbig data security metrics, Computer simulation, control engineering computing, Critical Service Functionality, cyber resilience, cyber resilience assessment tool, cyber resilience metrics, ICS-CRAT, industrial control, industrial control systems, production engineering computing, pubcrawl, qualitative simulation tool, Qualitative Tool, R4 resilience framework, resilience, Resilience Metrics, Resiliency, Resilient Security Architectures, Scalability, security guidelines, security of data, simulation engine, standards practices, subject matter experts, system architecture

In this work, we use a subjective approach to compute cyber resilience metrics for industrial control systems. We utilize the extended form of the R4 resilience framework and span the metrics over physical, technical, and organizational domains of resilience. We develop a qualitative cyber resilience assessment tool using the framework and a subjective questionnaire method. We make sure the questionnaires are realistic, balanced, and pertinent to ICS by involving subject matter experts into the process and following security guidelines and standards practices. We provide detail mathematical explanation of the resilience computation procedure. We discuss several usages of the qualitative tool by generating simulation results. We provide a system architecture of the simulation engine and the validation of the tool. We think the qualitative simulation tool would give useful insights for industrial control systems' overall resilience assessment and security analysis.

Citation Keyhaque_ics-crat_2019