Digitalisation and automation are considered to be two of the key enablers for ensuring future profitability of factories.

The Factory of the Future (FoF) is no longer a collection of individual systems, but becomes a multifunctional production system. Consequently, new techniques are needed to improve the level of optimisation and cyber resilience of the FoF. Two beneficial techniques to ensure resilient FoF developments on an early stage are Risk Assessments (RA) and Misuse-Cases (MUC) development, both presented in this article.

At the beginning of a Risk Assessment, a suitable methodology must be selected. As a leading partner in the Cyberfactory#1 project, we initially set up workshops to ensure that all parties fully understand our approach. The next step is the Risk Assessment, followed by a complete review of the risks. Next, Misuse-Cases are generated and documented. After an internal quality check the documentation is handed over to the Use-Case (UC) owner. These process steps are depicted in Figure 1.

Figure 1: Cyberfactory #1 Risk Assessment and Misuse-Case apporach

Risk Assessment based on IEC-62443

Our Risk Assessment approach

Misuse-Case development

A misuse-case that is associated to a Use-Case, describes the steps and scenarios that lead to behaviour of the involved systems that is unintended by the system operator, i.e. behaviour that conflicts with  the systems requirements. These are similar to Use-Cases in the sense that they also define scenarios that lead to fulfilment of goals, even if they are not positive or desired from the business process perspective or from the point of view of system designers.

The Misuse-Case development is conducted after the risk assessment and is used to prioritise and aggregate documented risks as part of an attack story, as well as to describe them in more detail while reflecting a possible attacker profile and attack vectors and ideally to demonstrate the Misuse-Case scenario. Furthermore, mitigations are developed and suggested to the Use-Case owner in order to enable adjustment of the security measures which will lead to a more resilient FoF. In addition, each Misuse-Case discovers mitigation gaps which cannot always be addressed by State-of-the-Art (SotA) security measures and by doing so, it shows the need to adapt or develop security measures leading to a more resilient secure FoF environment.

Meaningful resilience effects to FoF environments

Risk Assessment and Misuse-Case generate together meaningful effects to the resilience of the Use-Cases inside the FoF. Experience has shown that RA are beneficial to fully understand the Use-Case from a holistic point of view. This is supported by visiting the facilities associated to a Use-Case and getting into direct dialogue with the Use-Case owners. Furthermore, on-site reconnaissance has shown that hidden interfaces and more specific details of potential risks were brought to light during these activities. It must be underlined that the Use-Case owner is an indispensable asset and therefore is involved in the whole process.

Likewise, high-level RA are beneficial for Use-Case owners as well as for the whole supply chain. Use-Case owners are not always familiar with RA or cyber risks and therefore a high-level Risk Assessment provides them with the right tool to understand the conducted activities and more importantly the inputs they have to deliver. For the Risk Assessment provider like Airbus Protect, a high-level assessment lays the foundation for an effective and successful Risk Assessment by setting the scope of work.

The detailed Risk Assessment is not just an activity to list risks, rather more; it helps the Use-Case owner to identify the risk’s root causes by up- and down-streaming analysis. Figure 2 illustrates the process.

Figure 2: Up- and Down-streaming of Risks

The Up- and Down-streaming approach helps to identify root causes that trigger other less probable risks which help the Use-Case owner to implement effective mitigations to achieve a more resilient environment.

Misuse-Case development offers the ability to model it in a monitored environment to find adequate mitigations. Using such models, attacker profiles and attack vectors are simulated and analysed. Furthermore, mitigations are derived and proposed to the Use-Case owner.

Lastly, information gathered during the process is documented and facilitates the Use-Case owner to understand the challenges and how to tackle them. This documentation can also be used to follow up possible risks during further development of FoF Use-Cases and enables the development of resilient FoF environments.

Conclusion

Risk Assessments are essential for implementing strong and effective security measures, but beforehand it is necessary to evaluate the best fitting approach for the examined environment. Furthermore, a Risk Assessment contributes to fully understand a Use-Case by being in direct exchange with the Use-Case owner and also be able to visit the environment.

Misuse-Case development is facilitating the whole process to obtain a resilient FoF environment. First, the Use-Case owner gets a hands-on demonstration of risks that were documented during the Risk Assessment. Secondly, it’s beneficial for the Use-Case owner to be aware of risks in his environment, so that effective mitigations can be put in place afterwards.

We, at Airbus Protect, have good experiences using this approach on half a dozen FoF Use-Cases owned by Airbus and our research partners.

Find out more about our offering

We, at Airbus Protect, help critical infrastructure and industry to build and maintain persistent CyberResilience for the interconnected industrial systems of tomorrow. We support you with our industry proven step by step approach – Assess – Protect – Manage. Find out more here about our OT-Security offerings here.

• Share