Analytical and stochastic method in order to build safety and security block diagrams of cyber assets of SCADA system for critical infrastructure

O. V. Ivanchenko

doi:10.32836/2521-6643-2019-1-57-6

O. V. Ivanchenko Doctor Ph.D., Associate Professor, Department of Information Systems and Technologies University of customs and finance https://orcid.org/0000-0002-5921-5757

DOI: https://doi.org/10.32836/2521-6643-2019-1-57-6

Keywords: critical infrastructure; cyber assets; security block diagrams; analytical and stochastic assessments

Abstract

Safety and security of supervisory control and data acquisition systems (SCADA), which utilize in corresponding management circuit of a critical infra-structure (CI) is one of the most important task that to be explored. This task is also serious issue for critical computing and security engineering realm. Familiar examples of the negative events for critical energy infrastructure’s (CEI) compo-nents, when malicious deliberate impacts on cyber assets of SCADA system led to outages of the regional energy clusters are bright evidences of this issue. There-fore, the presented paper is devoted to a technique development of security block diagrams for CI SCADA systems based on assess of dependability and availabil-ity of their components considering malicious deliberate impacts on overall cyber assets. In fact, it is also undoubtedly distinct significant issue into critical compu-ting realm. Proposed technique is developed based on taxonomy for risk assess considering some negative factors. These negative factors can influence on over-all availability and cybersecurity of the CI. Therefore, how to get safety and secu-rity assessments and further how to ensure effective functioning of SCADA CI is a distinct significantissue, which to be explored. The technique involves concrete steps in order to build fault tree for cyber assets of the SCADA CI. Next step al-lows to write overall equation for system failure based on the use of received fault tree. In addition, the researcher continues to build a reliability block of diagram (RBD) in order to estimate overall availability level for cyber assets of the SCADA CI. Using RBD and information about deliberate malicious impacts (DMIs), researcher can be built a DMI block diagram in order to estimate proba-bility assessment for different DMIs. As general results, the researcher can de-termine probability of compromize operation, when intruders want to implement the DMI. Thus, if you wanted to perform a deep analysis of safety and security of the SCADA system of the CI considering different negative events, such as sudden and hidden failures, accidents and disaster of the CI, including DMIs, you would be able to use the proposed technique.