Root Cause Analysis Framework – Safety and Security in Industrial Control Systems

As a part of the Cyber-Physical Security in Energy Infrastructure of Smart Cities (CPSEC) project, IFE has developed a root cause analysis framework for building probabilistic models. The models could support decision makers to choose the effective response strategy in case of a cyber-attack or a technical failure in the Critical Infrastructures (CIs) operated by Industrial Controls Systems (ICS).

Smooth and safe operation of CIs such as energy, manufacturing, and transportation is vital for the functioning of society. Over the years, CIs depend to a great extent on ICS for their operation. Modern ICS are susceptible to both technical failures and cyber-attacks as they do not operate in isolation. Organisations should have adequate detection and response mechanisms to handle incidents caused by cyber-attacks or technical failures. The response strategy developed for technical failures might not be effective for cyber-attacks. Moreover, we need to determine the root cause – attack vectors in case of an attack or failure modes in case of a technical failure – to choose the effective response strategy. Because, the response strategy aimed to block an attack vector might not be effective for blocking a different attack vector that could be used to cause the same problem. This is also the case with the failure modes.

We have developed a root cause analysis framework for building probabilistic models with appropriate contributory factors that could help to determine: the most likely attack vector used by an adversary to cause the attack; or the most likely failure mode that caused the failure. This knowledge will help the decision makers (e.g. system engineers, security experts) to put effective response strategies in place and minimise unwanted consequences.

A part of this work is published in the proceedings of the 2019 IEEE Conference on Information and Communication Technology (CICT).