Cybersecurity Analysis of Industrial Control System Functionality

The cybersecurity issue becomes increasingly important with the development of the Industrial IoT (IIoT) and Industrial 4.0 architectures. The instance of cyberattacks against infrastructures and Industrial Control System (ICS) in safety critical domains is increasing every year. How to alleviate this situation is a challenging topic. In many cases, threats to cybersecurity are only discovered after they have led to a disaster. In this paper, we are going to analyze those cybersecurity issues from the system functionality, before an attack happens. Except for considering confidentiality and availability, functional integrity and information integrity are involved as well. This allows a precise determination of cybersecurity issues during the analysis process (from the system function perspective). A safety critical ICS in a Nuclear Power Plant (NPP) is used as an example to show how to conduct the cybersecurity analysis step by step. The final analysis result is presented in Casual Fault Graph (CFG), which is illustrated by using the YBT (Why-Because-Toolkit). The attack models are illustrated to show the possible attack vectors in our analysis. Further, feasibility is provided based on these attack models for our specific system.