Khalaf,MahmoudPeters,LudgerWaedt,KarlDemmler, DanielKrupka, DanielFederrath, Hannes2022-09-282022-09-282022978-3-88579-720-3https://dl.gi.de/handle/20.500.12116/39486Safety I&C (Instrumentation & Control) and Operational I&C programmable digital systems are growing in complexity at a rapid pace while system designers, project architects, and cyber-security engineers work tirelessly to ensure the safety of the systems by complying with long lists of rules and regulations dictated by relevant regional & international standards [20; BQB17]. These standards are updated, withdrawn, replaced by a revised edition, and amended fairly frequently. Guaranteeing new and existing I&C system assets are still compliant is arduous, expensive, and time-consuming. In this paper, we propose an approach that assists in security modeling and system design by formulating the security controls and I&C assets in PDDL domain (Planning Domain Definition Language by D. McDermott et al. [D 98]). A domain-independent general purpose planner can explore the state space and provide a deterministic plan that transforms the initial state into the goal state. The initial state in this context can be the security threats from which the system needs protection. The goal state can be reaching a specific security degree (S1, S2, S3), satisfying risk management requirements, availability requirements, performance requirements, or a combination of them Tellabi et al. [Te18].enSecurity ControlsI&C System AssetsAI PlanningPDDLFirst-order Logic10.18420/inf2022_1311617-5468