Using structured assurance case approach to analyse security and reliability of critical infrastructures

Abstract

The evaluation of the security, reliability and resilience of critical infrastructures (CI) faces a wide range of challenges ranging from the scale and tempo of attacks to the need to address complex and interdependent systems of systems. Model-based approaches and probabilistic design are fundamental to the evaluation of CI and we need to know whether we can trust these models. This paper presents an approach we are developing to justify the models used to assure CI using structured assurance cases based on Claims, Arguments and Evidence (CAE). The modelling and quantitative evaluation of the properties are supported by the Preliminary Interdependency Analysis (PIA) method and platform applied to a case study – a reference power transmission network enhanced with an industrial distributed system of monitoring, protection and control. We discuss the usefulness of the modelling and assurance case structuring approaches, some findings from the case study, and outline the directions of further work.