Usable Security Model for Industrial Control Systems - Authentication and Authorisation Workflow

Industrial Control Systems (ICS) run critical large-scale systems that are needed in everyday society. These include systems such as: power, water treatment and manufacturing. However, legacy systems are widely utilized in ICS settings and updating, regular patching and modern cryptographic and authentication systems are not often feasible due to safety and real-time constraints. Therefore, ICS rely on Operators and Control Engineers to work on legacy systems which lack usable security. There has been a shortage of work which examines usable security challenges within ICS and a lack of empirical insights that bring to the fore the specific challenges and constraints impacting usable security in such systems. What may make perfect sense from an HCI standpoint may not be feasible due to the security and control systems constraints. We, therefore, conducted a participatory study where we asked participants from Human Computer Interaction (HCI) and Security background to draw their ideal authentication and authorisation workflow - as these mechanisms are seen to be first line of defence and are used in all systems. We recruited participants from these speciality backgrounds in an attempt to identify different perspectives on usable security challenges and what threats emerge due to different design choices or constraints. We elicit the threats emerging from our study, categorise them using STRIDE threat modelling analysis and refine models from theoretical studies. We found a lack of usable security factors such as satisfactory when designing these security configurations. This raises concerns that users are not confident whether they have completed their configurations accurately therefore leading to misconfigurations which raises the risk of an attack. Prior studies stated this is due to users’ lack of abilities such as knowledge/skills. But, little work points out to these legacy systems’ lack of abilities - to provide appropriate feedback which can contribute and nurture users’ knowledge to cope with the environment. This study alters the existing theoretical security usability model for ICS and offers insights into mechanisms for conveying semantics to minimise misconfigurations.