Авіаційно-космічна техніка та технологія (Feb 2024)

Using the FMEDA/FIT verification method to assess the cybersecurity of a programmable logic controller: a new interpretation of the SIS principle

  • Oleksandr Ivasiuk,
  • Vyacheslav Kharchenko

DOI
https://doi.org/10.32620/aktt.2024.1.07
Journal volume & issue
Vol. 0, no. 1
pp. 76 – 90

Abstract

The object of this study is a programmable logic controller (safety PLC) that is part of an information and control system designed for the safe management of important technological processes. The subject of this study is the substantiation of the legitimacy of reusing the results obtained during the development of the safety PLC in accordance with functional safety requirements to assess its level of cybersecurity. The purpose of this work is to investigate the possibility of a "cross" evaluation of the safety characteristics of the safety PLC, namely the possibility of evaluating the cybersecurity level of the programmable logic controller on the basis of known data about its functional safety level, in order to optimize the use of the resources available in a project. The study tasks are the following: to provide a theoretical basis for the relationship between safety PLC characteristics such as functional safety and cybersecurity; to determine the metrics by which the degree of reuse of existing results can be assessed; to analyse potential cyberattacks depending on the architecture of the information and control system that performs the safety functions and on its possible modes of use; to determine and evaluate the degree of "cross" influence between the critical characteristics of the research object; and to perform a calculation analysis of the potential financial and time gain from reusing already known results for the minimum configuration of the safety PLC. Conclusions. The study demonstrated the relevance of assessing the cybersecurity of a programmable logic controller on the basis of existing data about its functional safety level (SIL). The proposed approach makes it possible to significantly optimize the use of resources in safety PLC certification projects.
However, the main methodological conclusion is that the well-known principle of Security Informed Safety can be developed and applied in practice in the opposite direction, as Security supported/assessed by Safety. That is, the principle of "assessment of functional safety taking into account information (cyber) security" is complemented by the principle of "assessment of information (cyber) security supported by, and taking into account, the results of the functional safety assessment".

Keywords