Resiliency Graph (RG)
We present a novel modeling paradigm, Resiliency Graph (RG) that combines the power of Natural Language Processing (NLP) and AI Planning (PDDL) to evaluate and analyze how a cyber-attack can trigger safety events in the CPS.
Operation efficiency in cyber physical system (CPS) has been significantly improved by digitalization of industrial control systems (ICS). However, digitalization exposes ICS to cyber attacks. Of particular concern are cyber attacks that trigger ICS failure. To determine how cyber attacks can trigger failures and thereby improve the resiliency posture of CPS, this study presents the Resiliency Graph (RG) framework that integrates Attack Graphs (AG) and Fault Trees (FT). RG uses AI planning to establish associations between vulnerabilities and system failures thereby enabling operators to evaluate and manage system resiliency. Our deterministic approach represents both system failures and cyber attacks as a structured set of prerequisites and outcomes using a novel AI planning language. AI planning is then used to chain together the causes and the consequences. Empirical evaluations on various ICS network configurations validate the framework's effectiveness in capturing how cyber attacks trigger failures and the framework's scalability.