Abstract:Cyber-physical production systems consist of highly specialized software and hardware components. Most components and communication protocols are not built according to the Secure by Design principle. Therefore, their resilience to cyberattacks is limited. This limitation can be overcome with common operational pictures generated by security monitoring solutions. These pictures provide information about communication relationships of both attacked and non-attacked devices, and serve as a decision-making basis for security officers in the event of cyberattacks. The objective of these decisions is to isolate a limited number of devices rather than shutting down the entire production system. In this work, we propose and evaluate a concept for finding the devices to isolate. Our approach is based on solving the Critical Node Cut Problem with Vulnerable Vertices (CNP-V) - an NP-hard computational problem originally motivated by isolating vulnerable people in case of a pandemic. To the best of our knowledge, this is the first work on applying CNP-V in context of cybersecurity.