Evaluation of Visual Notations as a Basis for ICS Security Design Decisions

For making informed security decisions during the design of industrial control systems (ICS), engineers need to process large amounts of security-relevant information outside their area of expertise. This problem moves the presentation of the security-relevant information into focus: security-relevant engineering information must be presented to security decision-makers in a way that enables them to decide upon security measures to build a defensible system. Visual representations have the potential to effectively convey suchlike information, thus saving the engineers' brain capacity for the security decision-making. However, research shows that this potential is only realized if the visualizations are carefully constructed for cognitive effectiveness. As a prerequisite for constructing a visual language for security engineering in the future, this paper explores two scientific questions: 1) what are the requirements for visualizing security-relevant engineering information in a way that enables engineers to make security decisions during ICS design? and 2) which existing visual languages meet (parts of) these requirements? The evaluation of existing visualizations reveals that there is a need for an improved, specialized visual language for security engineering that builds upon established engineering visualizations like piping and instrumentation diagrams and network maps, represents all security-relevant information as icons to achieve semantic transparency, and includes filtering mechanisms to reduce the complexity of each single diagram. The paper finishes with defining the main pillars of a future visual language that should allow ICS engineers to quickly capture security-relevant information and guide them through the process of selecting the right security measures to design a defensible ICS.