Automated Security Risk Identification Using AutomationML-based Engineering Data

Systems integrators and vendors of industrial components need to establish a security-by-design approach, which includes the assessment and subsequent treatment of security risks. However, conducting security risk assessments along the engineering process is a costly and labor-intensive endeavor due to the complexity of the system(s) under consideration and the lack of automated methods. This, in turn, hampers the ability of security analysts to assess risks pertaining to cyber-physical systems (CPSs) in an efficient manner. In this work, we propose a method that automatically identifies security risks based on the CPS's data representation, which exists within engineering artifacts. To lay the foundation for our method, we present security-focused semantics for the engineering data exchange format AutomationML (AML). These semantics enable the reuse of security-relevant know-how in AML artifacts by means of a formal knowledge representation, modeled with a security-enriched ontology. Our method is capable of automating the identification of security risk sources and potential consequences in order to construct cyber-physical attack graphs that capture the paths adversaries may take. We demonstrate the benefits of the proposed method through a case study and an open-source prototypical implementation. Finally, we prove that our solution is scalable by conducting a rigorous performance evaluation.