Industrial Control System Availability Assessment with a Metric Based on Delay and Dependency

Analyzing safety and security of modern integrated enterprises, one can realize that for industrial control systems, availability is much more critical than other properties composing the classic security triad. However, it is not availability but confidentiality and integrity that are usually more concerned and adequately described in security policies. Furthermore, for assessing and maintaining system security, a number of formal models are utilized, but none of them corresponds directly to availability. The article considers the property of availability of industrial control systems, suggests adopting the IEC 62443 availability interpretation, and reveals a delay of the signal transmission to be a useful measure of the quantitative availability assessment. Investigating the software level of industrial control systems, the article presents a scheme of domains affecting availability and advocates utilizing a system dependency for making availability assessment more accurate and universal. As a result of the research, the article proposes a metric based on delay and dependency, which is helpful for the safety and risk engineering at both the design and operational stages. Copyright (C) 2021 The Authors.