Presented by Chidi Agbo – Cyber Security Emphasis
Virtual Presentation – Join via Zoom
Safety-critical systems (e.g., industrial control systems (ICS)) are systems whose failure can lead to severe consequences such as equipment damage, environmental or water pollution, human injury, or even loss of life. The protection of safety-critical systems remains a major challenge due to their considerable dependence on digital and automation technologies. Present cybersecurity assessment methods and engineering practices lack the capabilities required to address the safety and security concerns in ICS. The complexity and sophistication of these systems have increased over the years, and including security as an add-on property during design and development is counterproductive; hence the need for a new design and engineering approach that includes cybersecurity and cyber risk assessments in the earliest stages of the system development life cycle. Although it is infeasible to identify all possible cybersecurity risks and threats, investigating and triaging cyber-induced high-consequence events (HCE) is important. In this dissertation proposal, we implement a new engineering approach, the Cyber-Informed Engineering (CIE) framework, using the STPA-SafeSec-CDCL approach together with a Consequence-Driven, Cyber-Informed Engineering (CCE) and Bayesian network (BBN) approach (the CCE-BBN approach) with a sensitivity analysis (SA) to address this challenge. STPA-SafeSec-CDCL is an approach for safety and security co-engineering that focuses on identifying and resolving conflicting requirements/goals, which occur when safety goals undermine the security or design goals and vice versa. CCE-BBN is our new cybersecurity risk assessment method, implemented with the BBN and SA models, for identifying and analyzing HCE that can cripple critical infrastructure (ICS) and for providing protection and mitigation strategies.
Our preliminary results with the Tennessee Eastman plant process model demonstrate that our proposed approach can increase the robustness, safety, security, and resilience of ICS by engaging in a deep analysis of the safety and security of the system, identifying critical assets and HCE, and creating protection and mitigation mechanisms to ensure the safe operation of the system under HCE or cyber-attacks.