Concrete vs. Symbolic Simulation To Assess Cyber-Resilience Of Control Systems

State-of-the-art industrial control systems are complex implements featuring different spatial and temporal scales among components, multiple and distinct behavioral modal-ities, context-dependent and human-in-the-loop interaction patterns. Most control systems offer entry-points for mali-cious users to disrupt their functionality severely, which is unacceptable when they are part of the national critical in-frastructure. Cyber-resilience, i.e., the ability of a system to sustain — possibly malicious — alterations while main-taining an acceptable functionality, is recognized as one of the keys to understand how much damage can be brought to a system and its surrounding environment in case of a suc-cessful cyber-attack. In this paper we compare methods to assess resilience considering both concrete simulation and symbolic simulation. Our ultimate goal is to provide main-tainers and other stakeholders with a dynamic and quanti-tative measure of cyber-resilience. Here we present some results on a case study related to waste-water treatment, in order to provide initial evidence that concrete and symbolic simulation can be used in a complementary way to analyze the security of industrial control systems.