Leveraging LLMs and Knowledge Graphs to Design Secure Automation Systems

Abstract

The digital transformation of Industrial Control Systems (ICSs) within the Industry 4.0 paradigm is essential for industrial organizations to remain competitive, while cybersecurity is an enabler. However, security measures, often implemented late in the engineering process, lead to costly and complicated implementations. Thus, this article is concerned with the “security by design” principle in ICSs and facilitates compliance with ICS security standards, which can be legally mandated for some critical systems or adopted by asset owners to protect their assets. Current methods for compliance demand manual efforts from security experts, making the compliance process time-consuming and costly. To address this, we propose a framework for leveraging large language models (LLMs) combined with knowledge graphs to automate the interpretation of security requirements and system architecture as two main elements of the design phase. Our knowledge graph-augmented LLM framework converts system architectures into human natural language, enhancing the automation of various security analyses, especially those that need to handle textual requirements. The framework enables validating applicable security requirements provided by IEC 62443-3-3 (a widely-used ICS security standard) concerning system designs through a question-and-answer interface. To evaluate the framework, various questions with reference responses from human experts were prepared in the context of a use case, and the quality of the LLMs' responses was measured across various metrics. Moreover, we compared the framework with a baseline approach based on formal queries. The results show that the proposed framework effectively automates security tasks and offers a user-friendly interface accessible to nonexperts.