• DocumentCode
    2415324
  • Title

    A Systems Dynamics View of Security Assurance Issues: "The Curse of Complexity and Avoiding Chaos"

  • Author

    Holstein, D.K.

  • fYear
    2009
  • fDate
    5-8 Jan. 2009
  • Firstpage
    1
  • Lastpage
    9
  • Abstract
    ISA 99 defines security assurance as the target level of security that corresponds to the effectiveness of countermeasures to thwart cyber attacks against industrial automation systems. ISA intends to provide a scale of target levels of security which asset owners can then use to establish a minimum set of operational requirements. Each set is designed to protect selected zones or conduits against access to and use of devices, systems and data. Sounds good, but the complexities of this approach are exposed when the mathematics of the proposed model are well understood. In this paper a notional time/event model is used to describe the temporal characteristics of security assurance and the need to account for time dynamics and event dynamics. Because of the complexities, the common approach is to implement defense-in-depth mechanisms. Using a systems dynamics model, this paper shows why such mechanisms may make matters worse by significantly degrading the security assurance level.
  • Keywords
    Unified Modeling Language; chaos; formal specification; object-oriented methods; security of data; chaos; countermeasure; defense-in-depth mechanism; event dynamics; formal specification; industrial automation system; object-oriented modeling; security assurance level; target level; thwart cyber attack; time dynamics; unified modeling language; Chaos; Communication system security; Computer security; Data security; Degradation; Instruction sets; Mathematics; NIST; Power system security; Uncertainty;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    System Sciences, 2009. HICSS '09. 42nd Hawaii International Conference on
  • Conference_Location
    Big Island, HI
  • ISSN
    1530-1605
  • Print_ISBN
    978-0-7695-3450-3
  • Type

    conf

  • DOI
    10.1109/HICSS.2009.41
  • Filename
    4755524