Cybersafety Analysis of Industrial Control System for Gas Turbines

As Industrial Control Systems (ICS) become increasingly software-intensive and more complex, the traditional approaches to cybersecurity that undertake a narrow, static technical view of the system are proving to be increasingly inept in the face of new threat vectors and vulnerabilities. To date, most attacks on Energy Systems have targeted either the IT infrastructure (e.g., the Aramco Shamoo attack) or Circuit breakers of Operational Technology (e.g., the Ukraine attack.). In such cases, recovery is usually rather fast – either by rebooting computers or resetting breakers. But, if the Operation Technology equipment, especially the important, large, customized equipment, is physically damaged, recovery can take weeks or even months. In this paper, we demonstrate the use of the Systems-Theoretic Process Analysis for Security (STPA-Sec) method to identify cyber vulnerabilities that have the potential to cause physical damage in industrial control systems using a gas turbine as a use-case. This analysis does not attempt to perform a complete analysis of the entire plant or the gas turbine; rather, it lays the foundation for the exercise in a rigorous, systematic fashion that could be emulated to perform a complete analysis. Several new requirements are identified to make the system more resilient which do not only span the technical aspects of the system but also the broader socioorganizational system.