RESICS:Resilience and Safety to attacks in ICS and CPS

RESICS：ICS 和 CPS 中针对攻击的弹性和安全性

• 批准号: EP/X037452/1
• 负责人: Emil Lupu
• 金额: $ 117.11万
• 依托单位: Imperial College London
• 依托单位国家: 英国
• 项目类别: Research Grant
• 财政年份: 2023
• 资助国家: 英国
• 起止时间: 2023 至 无数据
• 项目状态: 未结题
• 来源: https://gtr.ukri.org/projects?ref=EP%2FX037452%2F1
• 关键词: RESICS; Resilience; Safety; attacks; ICS

We all critically depend on and use digital systems that sense and control physical processes and environments. Electricity, gas, water, and other utilities require the continuous operation of both national and local infrastructures to deliver their services. Industrial processes, for example for chemical manufacturing, production of materials such as cement, steel, aluminium or fertilizers, and manufacturing chains for car production or pharmaceuticals similarly lie at this intersection of the digital and the physical. This intersection also applies in other CPS such as robots, autonomous cars, and drones.All such systems are exposed to malicious threats and have been the target of cyber-attacks by different threat actors ranging from disgruntled employees to hacktivists, terrorists, organised crime and nation states. The increasing fragility and vulnerability of our cyber-enabled society is rapidly approaching intolerable limits. As these systems become larger and more complex interruption of service in any of these infrastructures can cause significant cascading effects with safety, economic and societal impacts.Because we critically depend on the operation of such systems, disruption to their operations must be minimised even when they are under attack and have been partially compromised. Because they operate in a physical environment, the safety of such systems must be preserved at all times to avoid physical damage and even threat to life. Therefore, ensuring the resilience of such systems, their survivability and continued operation when exposed to malicious threats requires the integration of methods and processes from security analysis, safety analysis, system design and operation that have traditionally been done separately and that each involve specialist skills and a significant amount of human effort. This is not only costly, but also error prone and delays response to security events. The full integration and automation of such methodologies will be a challenge for many years to come. However, RESICS aims to significantly advance the state-of-the-art and deliver novel contributions that facilitate: a) risk analysis for such systems in the face of adversarial threats taking into account the impact of security events across the cascading inter-dependencies; b) characterising attacks that can have an impact on the safety of the system, identifying the paths that make such attacks possible; c) identifying countermeasures that can be applied to mitigate threats and contain the impact of attacks; and d) ensuring that such countermeasures can be applied whilst preserving the system's safety and operational constraints and maximising its availability. These contributions will be evaluated across several test beds, digital twins, a cyber range and a number of use-cases across different industry sectors. They will deliver increased automation, lower the skill requirements involved in the analysis and in mitigating threats and improve response times to security incidents.To achieve these goals RESICS will combine model-driven and empirical approaches across both security and safety analysis, adopting a systems-thinking approach which emphasises Security, Safety and Resilience as emerging properties of the system. RESICS leverages preliminary results in the integration of safety and security methodologies with the application of formal methods and the combination of model-based and empirical approaches to the analysis of inter-dependencies in ICSs and CPSs.

我们都严重依赖和使用感知和控制物理过程和环境的数字系统。电力、天然气、水和其他公用事业需要国家和地方基础设施的持续运行才能提供服务。工业流程，例如化学制造、水泥、钢铁、铝或化肥等材料的生产，以及汽车生产或制药的制造链，同样位于数字和物理的交汇点。这种交叉也适用于其他CP，如机器人、自动驾驶汽车和无人机。所有这些系统都面临恶意威胁，并成为不同威胁参与者的网络攻击目标，从心怀不满的员工到黑客活动家、恐怖分子、有组织犯罪和民族国家。我们的网络社会日益脆弱和脆弱，正在迅速接近无法容忍的极限。随着这些系统变得更大和更复杂，这些基础设施中的任何一个的服务中断都会造成重大的级联效应，带来安全、经济和社会影响。由于我们严重依赖这些系统的运行，即使它们受到攻击并已部分受损，也必须将其运行中断降至最低。由于它们在物理环境中运行，因此必须时刻保持此类系统的安全，以避免物理损坏甚至生命威胁。因此，要确保这类系统的复原力、生存能力和在面临恶意威胁时的持续运作，需要整合安全分析、安全分析、系统设计和操作的方法和流程，这些方法和流程传统上是分开完成的，每个方法和流程都需要专业技能和大量的人力。这不仅代价高昂，而且容易出错和延迟对安全事件的响应。这些方法的充分整合和自动化将是今后许多年的一项挑战。然而，RESICS的目标是显著推进最先进的技术，并提供新的贡献，以促进：a)在面对敌意威胁的情况下对此类系统进行风险分析，同时考虑到级联相互依赖的安全事件的影响；b)确定可能对系统安全产生影响的攻击的特征，确定使此类攻击成为可能的路径；c)确定可用于缓解威胁和遏制攻击影响的对策；以及d)确保可以应用此类对策，同时保持系统的安全和操作约束并最大限度地提高其可用性。这些贡献将在几个试验台、数字双胞胎、一个网络范围和不同行业的许多用例中进行评估。它们将提供更高的自动化程度，降低分析和缓解威胁所涉及的技能要求，并缩短对安全事件的响应时间。为了实现这些目标，RESICS将在安全和安全分析方面结合模型驱动和经验方法，采用系统思维方法，强调安全、安全和弹性是系统的新兴属性。RESICS利用安全和安保方法与正式方法的应用相结合的初步结果，以及基于模型和经验方法的组合来分析ICSS和CPSS中的相互依赖关系。