A Formal Security Model for Networked Control Systems

Networked control systems (NCS) are at the base of many important processes in the
aerospace domain. The increasing requirements of e±ciency are pushing designers to re-
move the traditional 'air gaps' placed between control system networks and the rest of the
interconnected world. Features such as remote administration and integration with busi-
ness procedures are becoming commonplace. However, these changes are also opening the
possibility that malicious remote users could compromise the system. The tight connection
with a physical process typical of NCS makes difficult the direct application of traditional
techniques for the evaluation of system security. In this paper, we present a security as-
sessment methodology suited for use in the networked control system domain. Using this
methodology, system designers and maintenance personnel can create and keep up-to-date
models of the system expressed in terms of their areas of expertise (either control system
design or network design). An automated analysis allows the determination of a set of
critical components ranked according to the effects that their potential compromise would
cause on the system. Also, the analysis identifies properties of the control system, such as
the presence of single points of failure and the containment of faults within each subsystem.
This information can be used to target security efforts to the most critical elements of the
system. The applicability of the methodology is demonstrated with its application to a
case study of a smart building automation system.