Consideration for formal cybersecurity models in I&C system design

The paper presents the problem of tighten cybersecurity of Instrumentation and Control (I&C) systems by mean of formal security models. The formal security models were developed for IT sector and may be used with some care for assessing the cybersecurity in I&C systems. When the formal security models are assessed intrinsically, it is assumed that the main security axiom as it was formulated for computer security is true. The interpretation of this axiom should consider the differences in security policy for I&C and general IT systems. The main goal for cybersecurity is availability which normally has minor importance for IT and therefore omitted in security models. We propose using the additional model for assessing the availability via timing relation between objects in the model. The integrity goal has also different interpretation in IT and I&C cybersecurity. In the last case the integrity of data and methods of processing have equal importance. This feature also should be reflected in formal security models.