Assets Criticality Assessment of Industrial Control Systems: A Wind Farm Case Study

The increasing growth of threats to Industrial Control Systems (ICS) in the energy sector puts this critical infrastructure at high risk. Consequently, holistic approaches are needed to assess the criticality of ICS assets, identify relevant security threats, and develop mitigation techniques to make the energy critical infrastructure cyber-resilient. This paper presents a methodology for analyzing the criticality and resiliency of ICS assets by assessing the impact caused by attacks on such assets. Our approach consists of modeling the ICS architecture in a form that is suitable for analysis. We use Coloured Petri Nets (CPN) for formal representation and analysis - CPN is supported by automated tools for analysis and it has been used for verification of real-world systems. We use Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE) for evaluating the threats in the ICS architecture. We use Microsoft Threat Modeling Tool (MTMT) for ICS threat modeling that classifies the threats into the categories defined in STRIDE. Based on the type of threat on each asset and its impact on the entire ICS, we rank the asset's criticality. The threat modeling framework assesses the criticality and resiliency of tangible and intangible assets, thus addressing the gap in the current research. Threat models are also converted into CPN models. The CPN models of the ICS architecture and the threat model are then composed. The methodology then verifies the resulting CPN. This verification explores the system states where the ICS cannot resist the attacks and identifies the ICS's critical assets that have been compromised. The methodology is applied to a wind farm system comprising many distributed subsystems connected via various networks. The result shows that the methodology is practical for the ICS verification and assets criticality assessment, providing recommended mitigations to construct a robust ICS.