A Model Based Framework for Testing Safety and Security in Operational Technology Environments
Mukund Bhole, Wolfgang Kastner, Thilo Sauter

TL;DR
This paper introduces a model-based testing framework for assessing safety and security in operational technology environments, aiming to identify vulnerabilities and improve system resilience.
Contribution
It proposes a structured, four-part framework combining system modeling, testing foundations, mitigation strategies, and standard procedures for OT security and safety analysis.
Findings
Framework enables comprehensive attack surface analysis
Integrates safety and security standards with vulnerability data
Aims to enhance protection and system quality
Abstract
Today's industrial control systems consist of tightly coupled components, allowing adversaries to exploit attack surfaces on the information technology side and, from there, gain access to automation devices residing at the operational technology level and compromise their safety functions. To identify these concerns, we propose a model-based testing approach, which we consider a promising way to analyze the safety and security behavior of a system under test, providing means to protect its components and to increase the quality and efficiency of the overall system. The structure of the underlying framework is divided into four parts, according to the critical factors in testing operational technology environments. As a first step, this paper describes the ingredients of the envisioned framework. A system model provides an overview of possible attack surfaces, while the foundations…
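The abstract's core observation is that IT/OT coupling turns an IT-side entry point into a path to devices carrying safety functions, and that a system model makes those paths visible. The following is an added illustration of that idea, not code from the paper or its framework: a constructed, hypothetical five-component plant model (component names, zones and protocols are assumptions) is represented as a directed coupling graph, and a breadth-first search reports, for every safety-function component, the shortest path an adversary could take from an internet-facing component. The same function is then re-run with one coupling removed, which is how a candidate mitigation (here, cutting the DMZ-to-OT link) can be checked against the model before touching the plant.

```python
from collections import deque

# Constructed sample system model (illustrative, not taken from the paper).
# Each component records its zone, whether it is an attacker entry point on
# the IT side, and whether it implements a safety function.
COMPONENTS = {
    "erp":       {"zone": "IT",  "entry_point": True,  "safety_function": False},
    "historian": {"zone": "DMZ", "entry_point": False, "safety_function": False},
    "eng_ws":    {"zone": "OT",  "entry_point": False, "safety_function": False},
    "plc_1":     {"zone": "OT",  "entry_point": False, "safety_function": True},
    "sis":       {"zone": "OT",  "entry_point": False, "safety_function": True},
}

# Directed couplings (source, destination, protocol), all assumed for this
# example: each edge is one an adversary controlling `source` could use
# against `destination`.
LINKS = [
    ("erp", "historian", "sql"),
    ("historian", "eng_ws", "smb"),
    ("eng_ws", "plc_1", "s7comm"),
    ("eng_ws", "sis", "modbus"),
    ("plc_1", "sis", "modbus"),
]


def build_graph(links, blocked=frozenset()):
    """Adjacency map; `blocked` holds (src, dst) pairs removed by a mitigation."""
    graph = {}
    for src, dst, proto in links:
        if (src, dst) in blocked:
            continue
        graph.setdefault(src, []).append((dst, proto))
    return graph


def shortest_path(graph, start, goal):
    """Breadth-first search over the coupling graph; returns the hop list or None."""
    queue = deque([[start]])
    seen = {start}
    while queue:
        path = queue.popleft()
        if path[-1] == goal:
            return path
        for nxt, _proto in graph.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def exposed_safety_functions(components, links, blocked=frozenset()):
    """Map each safety-function component to the shortest path from any IT-side
    entry point that reaches it, or None if no entry point reaches it once the
    `blocked` couplings are removed."""
    graph = build_graph(links, blocked)
    entries = [n for n, c in components.items() if c["entry_point"]]
    targets = [n for n, c in components.items() if c["safety_function"]]
    result = {}
    for target in targets:
        paths = [p for p in (shortest_path(graph, e, target) for e in entries) if p]
        result[target] = min(paths, key=len) if paths else None
    return result


if __name__ == "__main__":
    before = exposed_safety_functions(COMPONENTS, LINKS)
    after = exposed_safety_functions(COMPONENTS, LINKS, blocked={("historian", "eng_ws")})
    for name in before:
        print(f"{name}: before={before[name]} after={after[name]}")
```

In the unmitigated model both safety-function devices are reachable in three hops from the ERP system; removing the single historian-to-engineering-workstation coupling leaves neither reachable, which is the kind of question a system model lets you answer before any live testing.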
