Page 30 - Read Online
P. 30
Clédel et al. J Surveill Secur Saf 2020;1:11939 I http://dx.doi.org/10.20517/jsss.2020.08 Page 131 of 139
Table 2. Table of resilience evaluations.
Metrics
Reference Event Quantitative Quantitative Fuzzy Adversary Frameworks
specific probabilistic deterministic
Abimbola and Khan [46] ✓ ✓
Thompson et al. [45] ✓ ✓ ✓
Babiceanu and Seker [41] ✓ ✓ ✓
Francis and Bekera [15] ✓ ✓ ✓
Ayyub [27] ✓ ✓
Cai et al. [38] ✓ ✓
Gholami et al. [40] ✓ ✓
Rieger [39] ✓ ✓
Vugrin et al. [26] ✓ ✓
Wei and Ji [34] ✓ ✓
Clark and Sonouz [24] ✓ ✓ ✓
Sterbenz et al. [42] ✓ ✓ ✓ ✓
Holling [11] ✓
Shirali et al. [43] ✓
Azadeh et al. [50] ✓
Aleksic et al. [49] ✓ ✓
Clédel et al. [51] ✓ ✓
Muller [48] ✓ ✓
Linkov et al. [55,56] ✓
Sterbenz et al. [21] ✓ ✓
Mauthe et al. [2] ✓
Van Mieghem et al. [64] ✓
The ResiliNets strategy [21] is an architectural framework intended to enhance resilience of networks. This
framework is based on four axioms: (1) faults are inevitable; (2) normal operation has to be understood;
(3) adverse events have to be expected and prepared for; and (4) responses to adverse events are required.
According to these axioms, the ResiliNets strategy consists in two active phases. The first phase is composed
of four steps that are defending, detecting, remediating, and recovering from challenges and attacks, while the
second phase enables long-term evolution of the system through diagnostic of the root cause of the fault/attack
and refinement of the system behavior to improve the first phase mechanisms and thus to increase the system
resilience.
4.5. Adversarial events
Most contemporary control systems have been designed according to conventional model paradigms that
are system safety and risk assessment. Originally, these approaches only consider unexpected but accidental
events such as human errors or natural disasters. However, the emergence of cyber-physical systems and the
accessibility from the Internet of legacy equipment, reliable but not secured, imply that faults resulting from
the cyber-environment must be considered. However, only a few approaches presented in this article are able
to take these threats into consideration. Indeed, adversarial impacts are explicitly represented in the linear
time-invariant model that corresponds to a system [24] . According to Thompson et al. [45] , resilience only con-
cerns the handling of security breaches. As a consequence, this concept of resilience implies the management
of adversarial events. Other approaches (see, e.g., [42,48,49,51] ) do not represent events that could impact a sys-
tem but focus on system’s capacities and potentials that are available to handle events. This way, the specific
case of adversarial events can be considered without having to explicitly represent them. The counterpart is
the inefficiency of such approaches to assess the resilience of a system for a given perturbation. A classification
of resilience evaluations is provided in Table 2.
5. RESILIENCE COMPARED WITH OTHER NOTIONS
The term “resilience” is frequently used as a synonym of fault-tolerance [57] , adaptive systems [58,59] , self-
healing [60,61] , etc. However, resilience is a design paradigm for large scale and complex systems that en-
compass cybersecurity, physical security, economic efficiency, and dynamic stability [39] . Wei and Ji [34] con-
