Integrating redundancy, diversity, and hardening to improve security of industrial internet of things

As the Industrial Internet of Things (IIoT) becomes more ubiquitous in critical application domains, such as smart water-distribution and transportation systems, providing security and resilience against cyber-attacks grows into an issue of utmost importance. Cyber-attacks against critical infrastructure pose significant threats to public health and safety. To alleviate the severity of these threats, various security techniques are available, including redundancy, diversity, and hardening. However, no single technique can address the whole spectrum of cyber-attacks that may be launched by a determined and resourceful attacker. In light of this, we consider a multi-pronged approach that integrates redundancy (deploying additional components and devices), diversity (using multiple implementation variants), and hardening (reinforcing individual components) techniques for designing secure and resilient IIoT systems. We introduce a framework for quantifying cyber-security risks and optimizing IIoT design. We show that finding optimal designs is an NP-hard problem, and then present an efficient meta-heuristic algorithm that finds near optimal designs in practice. To demonstrate the applicability of our framework, we present two case studies in water-distribution and transportation systems. Our numerical evaluation shows that integrating redundancy, diversity, and hardening can lead to reduced security risks at the same cost.