Concrete Vs. Symbolic Simulation To Assess Cyber-Resilience Of Control Systems

State-of-the-art industrial control systems are complex implements featuring different spatial and temporal scales among components, multiple and distinct behavioral modalities, context-dependent and human-in-the-loop interaction patterns. Most control systems offer entry-points for malicious users to disrupt their functionality severely, which is unacceptable when they are part of the national critical infrastructure. Cyber-resilience, i.e., the ability of a system to sustain - possibly malicious - alterations while maintaining an acceptable functionality, is recognized as one of the keys to understand how much damage can be brought to a system and its surrounding environment in case of a successful cyber-attack. In this paper we compare methods to assess resilience considering both concrete simulation and symbolic simulation. Our ultimate goal is to provide maintainers and other stakeholders with a dynamic and quantitative measure of cyber-resilience. Here we present some results on a case study related to waste-water treatment, in order to provide initial evidence that concrete and symbolic simulation can be used in a complementary way to analyze the security of industrial control systems.