Using the FMEDA/FIT verification method to assess the cybersecurity of a programmable logic controller: a new interpretation of the SIS principle

Oleksandr Ivasiuk, Vyacheslav Kharchenko

Abstract


The object of this study is a programmable logic controller (safety PLC) that forms part of an information and control system intended for the safe control of safety-important technological processes. The subject of the study is the justification of reusing the results obtained during the development of the safety PLC under functional safety requirements to assess its level of cybersecurity. The purpose of the work is to investigate the possibility of a "cross" evaluation of the safety characteristics of the safety PLC, namely, evaluating the cybersecurity level of the programmable logic controller from known data on its functional safety level, in order to optimize the use of the resources available in a project. The tasks of the study are as follows: to provide a theoretical basis for the relationship between safety PLC characteristics such as functional safety and cybersecurity; to determine the metrics by which the degree of reuse of existing results can be assessed; to analyze potential cyberattacks depending on the architecture of the information and control system that performs the safety functions and on its possible modes of use; to determine and evaluate the degree of "cross" influence between the critical characteristics of the object of study; and to perform a calculation of the potential financial and time gain from reusing already known results for the minimum configuration of the safety PLC. Conclusions: the study demonstrated the relevance of assessing the cybersecurity of a programmable logic controller on the basis of existing data on its functional safety level (SIL). The proposed approach makes it possible to significantly optimize the use of resources in safety PLC certification projects.
However, the main methodological conclusion is that the well-known principle of Security Informed Safety can be developed and applied in the opposite direction, as Security supported/assessed by Safety. That is, the principle of "assessment of functional safety taking into account information (cyber) security" is complemented by the principle of "assessment of information (cyber) security supported by, and taking into account, the results of the functional safety assessment".
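The abstract refers to FMEDA/FIT results produced for the functional safety assessment (IEC 61508) as the data that a cybersecurity assessment could reuse, but the page does not show what those results look like. The following is an added example, not code from the paper or its authors: an IEC 61508-2 style FMEDA over a constructed three-component safety PLC channel, computing the failure-rate split (lambda_SD, lambda_SU, lambda_DD, lambda_DU), the safe failure fraction (SFF), the Route 1H architectural constraint on the achievable SIL, and the 1oo1 PFH. The component list, failure rates, mode fractions and diagnostic coverages are all invented. The `attack_equivalent` flag and the `attack_covered_fraction()` indicator are an assumption added to illustrate what tagging existing FMEDA rows for a cyber assessment could look like; they are not the metric proposed in the paper.

```python
# Added example (not from the paper): IEC 61508-2 style FMEDA over a constructed
# safety PLC channel, plus one HYPOTHETICAL reuse indicator for a cyber assessment.
from dataclasses import dataclass

FIT = 1e-9  # 1 FIT = one failure per 1e9 hours


@dataclass
class FailureMode:
    name: str
    fraction: float               # share of the component's failure rate (modes sum to 1)
    dangerous: bool               # True: loss of the safety function; False: safe (e.g. spurious trip)
    dc: float                     # diagnostic coverage of this mode, 0..1
    diagnostic: str = ""          # mechanism that detects the mode
    attack_equivalent: bool = False  # ASSUMPTION: an attacker could produce the same observable effect


@dataclass
class Component:
    ref: str
    fit: float                    # total failure rate in FIT
    modes: list


def fmeda(components):
    """Split the total failure rate into lambda_SD, lambda_SU, lambda_DD, lambda_DU (all in FIT)."""
    sd = su = dd = du = 0.0
    for c in components:
        if abs(sum(m.fraction for m in c.modes) - 1.0) > 1e-9:
            raise ValueError(f"{c.ref}: mode fractions must sum to 1")
        for m in c.modes:
            lam = c.fit * m.fraction
            if m.dangerous:
                dd += lam * m.dc
                du += lam * (1.0 - m.dc)
            else:
                sd += lam * m.dc
                su += lam * (1.0 - m.dc)
    return sd, su, dd, du


def sff(sd, su, dd, du):
    """Safe failure fraction per IEC 61508-2: (safe + dangerous detected) / total."""
    return (sd + su + dd) / (sd + su + dd + du)


# IEC 61508-2:2010 Route 1H architectural constraints (Type A: Table 2, Type B: Table 3):
# for each lower SFF bound, the maximum SIL at hardware fault tolerance 0, 1, 2.
# 0 means the configuration is not allowed.
ROUTE_1H = {
    "A": [(0.00, (1, 2, 3)), (0.60, (2, 3, 4)), (0.90, (3, 4, 4)), (0.99, (3, 4, 4))],
    "B": [(0.00, (0, 1, 2)), (0.60, (1, 2, 3)), (0.90, (2, 3, 4)), (0.99, (3, 4, 4))],
}


def max_sil(sff_value, hft, subsystem_type="B"):
    """Highest SIL the hardware architecture supports for the given SFF and HFT."""
    sils = ROUTE_1H[subsystem_type][0][1]
    for lower_bound, row in ROUTE_1H[subsystem_type]:
        if sff_value >= lower_bound:
            sils = row
    return sils[hft]


def pfh_1oo1(du_fit):
    """PFH of a single 1oo1 channel in high-demand/continuous mode, approximated by lambda_DU (1/h)."""
    return du_fit * FIT


def attack_covered_fraction(components):
    """ILLUSTRATIVE indicator (assumption, not the paper's metric): share of the dangerous-detected
    failure rate whose existing diagnostic would also reveal an attacker-induced equivalent effect."""
    covered = total_dd = 0.0
    for c in components:
        for m in c.modes:
            if m.dangerous:
                lam_dd = c.fit * m.fraction * m.dc
                total_dd += lam_dd
                if m.attack_equivalent:
                    covered += lam_dd
    return covered / total_dd if total_dd else 0.0


# Constructed sample channel; every number below is invented for illustration.
CHANNEL = [
    Component("U1 MCU", 400, [
        FailureMode("program halt / runaway", 0.5, True, 0.90, "watchdog", attack_equivalent=True),
        FailureMode("spurious trip", 0.5, False, 0.50, "self-test"),
    ]),
    Component("Q1 output driver", 100, [
        FailureMode("stuck energised", 0.4, True, 0.99, "output read-back", attack_equivalent=True),
        FailureMode("stuck de-energised", 0.6, False, 0.0),
    ]),
    Component("U2 supply monitor", 50, [
        FailureMode("under-voltage not reported", 0.2, True, 0.80, "reference check"),
        FailureMode("over-voltage shutdown", 0.8, False, 1.0, "supply monitor"),
    ]),
]


def assess(components=CHANNEL, subsystem_type="B"):
    """Run the FMEDA and return the figures a certification file would record."""
    sd, su, dd, du = fmeda(components)
    s = sff(sd, su, dd, du)
    return {
        "lambda_SD": sd, "lambda_SU": su, "lambda_DD": dd, "lambda_DU": du,
        "SFF": s,
        "max_SIL_HFT0": max_sil(s, 0, subsystem_type),
        "max_SIL_HFT1": max_sil(s, 1, subsystem_type),
        "PFH_1oo1": pfh_1oo1(du),
        "attack_covered_fraction": attack_covered_fraction(components),
    }


if __name__ == "__main__":
    for key, value in assess().items():
        print(f"{key:>24}: {value:.4g}" if isinstance(value, float) else f"{key:>24}: {value}")
```

For the constructed channel the SFF comes out at about 0.959, which for a Type B subsystem (a PLC with complex components) gives SIL 2 at HFT 0 and SIL 3 at HFT 1 under Route 1H. The point for the cross-assessment discussed in the abstract is that each FMEDA row already records which diagnostic detects which effect; the hypothetical `attack_equivalent` flag is one way such rows could be reused when the same effect is considered as attacker-induced rather than random.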

Keywords


safety PLC; functional safety; cybersecurity; vulnerability; failure; SIS; SAS

References


World Nuclear Association. Nuclear Power in the USA. Report, October 2023. Available at: https://world-nuclear.org/information-library/country-profiles/countries-t-z/usa-nuclear-power.aspx (accessed 05 Jan 2024).

U.S. Nuclear Regulatory Commission. Regulatory Guide 1.168. Verification, validation, reviews, and audits for digital computer software used in safety systems of nuclear power plants, Revision 2. July 2013. 15 p. Available at: https://www.nrc.gov/docs/ML1307/ML13073A210.pdf (accessed 05 Jan 2024).

Safety Classification for I&C Systems in Nuclear Power Plants – Current Status & Difficulties. Report No. 2015/008, World Nuclear Association, September 2015. 27 p. Available at: https://www.world-nuclear.org/uploadedFiles/org/WNA/Publications/Working_Group_Reports/safety-classification-for-iandc-systems-in-npps.pdf (accessed 05 Jan 2024).

IEC 61508:2010. Functional safety of electrical / electronic / programmable electronic safety related systems. Part 1-7. International Electrotechnical Commission. Available at: https://www.iec.ch/global/search?keyword=IEC%2061508%3A2010#gsc.tab=0&gsc.q=IEC%2061508%3A2010 (accessed 05 Jan 2024).

IEC 61513:2011. Nuclear power plants – Instrumentation and control important to safety – General requirements for systems. International Electrotechnical Commission, 2011-08-25. Available at: https://webstore.iec.ch/publication/5532 (accessed 05 Jan 2024).

ISO 26262-1:2018. Road vehicles – Functional safety. Part 1-4. International Organization for Standardization, 2018-12-01. Available at: https://www.iso.org/standard/68386.html (accessed 05 Jan 2024).

RadlCS Topical Report. Part I – NRC Safety Evaluation. Document ID: 2016-RPC003-TR-001 NP-A. Available at: https://www.nrc.gov/docs/ML1923/ML19233A177.pdf (accessed 05 Jan 2024).

Babeshko, Ye., Illyashenko, O., & Kharchenko, V. Funktsiyna bezpeka industrialʹnykh system. Standart IEC 61508 [Functional safety of industrial systems. Standard IEC 61508]. Kyiv, Tekhnichnyy Komitet 185 «Promyslova Avtomatyzatsiya» Publ., 2019. 37 p. Available at: https://tk185.appau.org.ua/whitepapers/aCampus-whitepaper-IEC-61508+++.pdf (accessed 05 Jan 2024).

Kovalenko, A., & Rudenko, O. Gap-and-IMECA-Based Approach to Assessment of complex I&C Systems cyber security. Informatsionnyye tekhnologii v upravlenii, obrazovanii, nauke i promyshlennosti : monografiya [Information technologies in management, education, science and industry : monograph]. Kharkiv, Izdatel' Rozhko S. G. Publ., 2016. Razd. 2, pp. 27-40. Available at: http://www.repository.hneu.edu.ua/jspui/handle/123456789/13389 (accessed 05 Jan 2024).

Kharchenko, V. S., & Ivasiuk, O. O. Vykorystannya metodu veryfikatsiyi FMEDA/FIT dlya otsinyuvannya kiberbezpeky prohramovnoho lohichnoho kontrolera [Using the FMEDA/FIT verification method to assess the cybersecurity of a programmable logic controller]. Systemy upravlinnya, navihatsiyi ta zvʺyazku. Zbirnyk naukovykh pratsʹ – Control, navigation and communication systems. Collection of scientific works. Poltava, PNTU Publ., 2023, vol. 4 (74), pp. 114-119. DOI: 10.26906/SUNZ.2023.4.114. (In Ukrainian).

Kharchenko, V., Odarushenko, O., Sklyar, V., & Ivasyuk, A. Fault insertion testing of FPGA-based NPP I&C systems: SIL certification issues. Proceedings of 22nd International Conference on Nuclear Engineering. Technical Publication ICONE22, 2014, vol. 6. Nuclear Education, Public Acceptance and Related Issues; Instrumentation and Controls (I&C); Fusion Engineering; Beyond Design Basis Events. DOI: 10.1115/ICONE22-31163.

Symonov, A., Klevtsov, O., Trubchaninov, S., & Symonova, A. Kiberzakhyst informatsiynykh ta keruyuchykh system AES: otsinyuvannya ryzykiv [Cyber protection of NPP information and control systems: risk assessment]. Yaderna ta radiatsiyna bezpeka – Nuclear and radiation safety, 2022, vol. 4(96), pp. 62-70. DOI: 10.32918/nrs.2022.4(96).08. (In Ukrainian).

Babeshko, E., Illiashenko, O., Kharchenko, V., & Leontiev, K. Towards Trustworthy Safety Assessment by Providing Expert and Tool-Based XMECA Techniques. Mathematics, 2022, vol. 10, iss. 13, article no. 2297. DOI: 10.3390/math10132297.

Babeshko, I., Leontiiev, K., Kharchenko, V., Kovalenko, A., & Brezhniev, E. Application of Assumption Modes and Effects Analysis to XMECA. Theory and Engineering of Dependable Computer Systems and Networks. DepCoS-RELCOMEX 2021, Springer, Cham, 2021, vol. 1389, pp. 1-11. DOI: 10.1007/978-3-030-76773-0_1.

Śliwiński, M., & Piesik, E. Integrated approach for functional safety and cyber security management in maritime critical infrastructures. Journal of Polish Safety and Reliability Association Summer Safety and Reliability Seminars, 2019, vol. 10, iss. 1-2, pp. 137-149. Available at: http://jpsra.am.gdynia.pl/wp-content/uploads/2019/04/JPSRA2019-VOL10-Sliwinski_Piesik.pdf (accessed 05 Jan 2024).

Yastrebenetsky, M. A., & Kharchenko, V. S. (editors). Cyber Security and Safety of Nuclear Power Plant Instrumentation and Control Systems. IGI Global, 2020. 501 p. DOI: 10.4018/978-1-7998-3277-5.

ISA/IEC 62443 Series of Standards. Consensus-Based Automation and Control Systems Cybersecurity Standards. Parts 1-13. International Society of Automation / International Electrotechnical Commission. Available at: https://www.isa.org/standards-and-publications/isa-standards/isa-iec-62443-series-of-standards (accessed 05 Jan 2024).

ISO/IEC 15408:2009. Information technology – Security techniques – Evaluation criteria for IT security. Part 1-3. International Organization for Standardization / International Electrotechnical Commission, Geneva. Available at: https://standards.iteh.ai/catalog/standards/cen/a964a0a1-56f3-4a0d-a485-4ca5a03f0a77/en-iso-iec-15408-1-2020 (accessed 05 Jan 2024).

Hajda, J., Jakuszewski, R., & Ogonowski, S. Security Challenges in Industry 4.0 PLC Systems. Appl. Sci., 2021, vol. 11, iss. 21, article no. 9785. DOI: 10.3390/app11219785.

Spenneberg, R., Brüggemann, M., & Schwartke, H. PLC-Blaster: A Worm Living Solely in the PLC. Available at: https://www.blackhat.com/docs/asia-16/materials/asia-16-Spenneberg-PLC-Blaster-A-Worm-Living-Solely-In-The-PLC-wp.pdf (accessed 08 Sept. 2021).

IEEE Std 603-2018. IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations (Revision of IEEE Std 603-2009). IEEE, New York, 2018. Available at: https://www.scribd.com/document/498969031/603-2018-IEEE-Standard-Criteria-for-Safety-Systems-for-Nuclear-Power-Generating-Stations (accessed 08 Jan. 2024).

Al Farooq A., Marquard, J., George, K., & Moyer, T. Detecting Safety and Security Faults in PLC Systems with Data Provenance. 2019 IEEE International Symposium on Technologies for Homeland Security (HST), Woburn, MA, USA, 2019, pp. 1-6. DOI: 10.1109/HST47167.2019.9032992.

Sino-German White Paper on Functional Safety for Industrie 4.0 and Intelligent Manufacturing. Federal Ministry for Economic Affairs and Energy Public Relations Division, July 2020. Available at: https://www.scribd.com/document/498969031/603-2018-IEEE-Standard-Criteria-for-Safety-Systems-for-Nuclear-Power-Generating-Stations (accessed 15 Jan. 2024).

Meany, T. Functional safety and Industrie 4.0. 28th Irish Signals and Systems Conference (ISSC), Killarney, Ireland, June 2017, pp. 1-7. DOI: 10.1109/ISSC.2017.7983633.

Bloomfield, R., Netkachova, K., & Stroud, R. Security-Informed Safety: If It’s Not Secure, It’s Not Safe. In: Gorbenko, A., Romanovsky, A., Kharchenko, V. (eds) Software Engineering for Resilient Systems. SERENE 2013. Lecture Notes in Computer Science, Springer, Berlin, Heidelberg, 2013, vol. 8166. DOI: 10.1007/978-3-642-40894-6_2.

Illiashenko, O., Kharchenko, V., Babeshko, I., Fesenko, H., & Di Giandomenico, F. Security-Informed Safety Analysis of Autonomous Transport Systems Considering AI-Powered Cyberattacks and Protection. Entropy, 2023, vol. 25, article no. 1123. DOI: 10.3390/e25081123.

DOI: https://doi.org/10.32620/aktt.2024.1.07