Principles of mutual awareness in analysis of functional and cybersecurity of information and management systems on programmed logic controllers

Oleksandr Ivasiuk, Vyacheslav Kharchenko

Abstract

The subject of this paper is the properties of instrumental and control systems (ICS) in terms of functional safety (FS) and cybersecurity (CS). The paper investigates the FS and CS of ICS that are based on digital programmable logic controllers (PLC) and perform safety-related functions. The goal is to develop elements of a methodology for analyzing the design basis by taking into account the results of the FS evaluation of PLC systems (PLC-based ICS), in order to optimize the cost of such analysis. Objectives: to analyze PLC systems as an object of FS and CS assessment; to formulate and prove the key ideas of the Safety Informed Security (SfISc) concept; to discuss examples and the limits of applicability of the formulated statements. The following results are obtained. The principle of three equivalences is proposed, and a generalized structural scheme representing it is constructed. Two basic theorems are stated and proved that establish a relationship between the cybersecurity level of a PLC and the available information about its functional safety. Based on these theorems, a basic model of the states of a PLC with functional safety level SIL-3 is built for the case of a single hardware failure and/or a cyberattack. The existing ontological model SISMECA, which is based on the principle of Security Informed Safety (ScISf), is supplemented. A well-known cyberattack on a PLC system with a high safety level is analyzed. Based on the proposed concept, one of the most likely scenarios of a cyberattack on a PLC in “online” mode is evaluated. Conclusions. For the first time, the concept of mutual awareness of the functional safety and cybersecurity of PLC-based ICS, SfISc, is proposed. The theoretical statements described in this paper make it possible to assess the cybersecurity of a PLC on the basis of previously performed safety assessments.
The SfISc principle can be used in the following practical cases: in the process of licensing a new or modernized functional safety ICS; in determining the level of compliance of existing systems that are important for safety with new cybersecurity requirements; and in developing the requirements for a safety-related ICS.

Keywords

information and control systems; programmable logic controller; self-diagnosis; cybersecurity; functional safety; principle of three equivalences; ScISf-SfISc principles


DOI: https://doi.org/10.32620/aktt.2025.2.10