Journals - MOST Wiedzy

Abstract

Pipelines transporting oil, gas, water, and other substances form part of the critical infrastructure of the society and are mostly controlled by advanced automation technology. This automation enables remote control and monitoring of pipeline operations by means of wide area networks that include microwaves, satellites, and cellular technologies. Often these pipeline control systems are also connected to the Internet to permit their operational control from anywhere. However, this bridging of the so-called “air-gap” between the critical infrastructure control system and the Internet has also introduced cybersecurity weaknesses that allows malicious actors to take control away from legitimate users of the system. While cybersecurity needs to be built into the system during the design phase itself, it is important, especially after a cybersecurity incident, to know the actual causes behind the incident so that appropriate countermeasures may be taken quickly to avoid a recurrence of the incident. Typical techniques to identify these root causes include five whys, fishbone diagrams, and causal factors analysis; this paper presents an alternate technique to identify root causes for pipeline cybersecurity incidents based on the NFR Approach where NFR stands for Non-Functional Requirements of the pipeline system. The NFR Approach starts with the requirements for the system in the first place, establishes the relationships between the design of the system and its requirements, and then identifies the root causes in a structured manner. In this paper, the NFR Approach is applied to analyze root causes of the Florida water system attack that occurred in February 2021. The advantages of the NFR Approach over traditional methods to identify root causes especially for pipeline incidents include the traceability of the causes to the requirements of the system, identification of synergistic and conflicting operational goals, and historical record-keeping.