System Architecture is the all-encompassing layer that defines the overall security architecture of an entire factory automation system, a geographically distributed power grid, a nuclear generation facility, and so on. If the system architecture has weaknesses, then securing all the other layers may not be very useful. For example, 30% of all major attacks are known to be insider attacks. Securing the perimeter and the individual devices may not be enough against an insider attack, especially one by a privileged insider. Therefore, the system architecture must be built to be resilient against attacks. Resiliency means:
a. The system should be able to detect an ongoing attack as soon as possible (the worldwide average detection time for unprepared utilities is close to 260 days, which means that by then the attack has persisted in the system and is possibly waiting for an opportune moment to strike).
b. The system must be able to contain the attack by islanding the affected part of the system.
c. It should respond to the attack by islanding as well as by enhancing and regulating activities in the so-far unaffected part of the system.
d. It should recover as quickly as possible.
Resiliency is not about protection but more about monitoring and surveillance for fast detection, response and recovery.
Methodologies, system architecture frameworks and tools
We plan to build methodologies, system architecture frameworks and tools that would allow us to build resilient CPS. We must also have a pathway to build resiliency into already existing CPS installations by retrofitting the solutions we plan to develop. In this, we follow security architecture standards such as ISA/IEC 62443 and the NIST (National Institute of Standards and Technology, USA) Cyber Security Framework (CSF).
The main research activities in this layer are:
i. Methodology development for Secure System Architecture based on Standards for CI-CPS, A-CPS, and U-CPS
ii. Tools to support NIST Cyber Security Framework implementation (detection, isolation and islanding mechanism, response mechanism and recovery mechanism)
iii. Advisories for Industry and Utilities
iv. Securing large-scale IoT and IIoT ecosystems