Risk assessment of machinery system with respect to safety and cyber-security

Research output: Book/Report › Report › Professional

Abstract

This report is related to the concern that a cyber-security risk could cause a safety risk and, furthermore, an accident. There is already a tradition for how to treat safety risks related to automated machinery, but cyber-security is quite a new aspect. A cyber-security issue can cause malfunction of a safety function, or an inherently safe design can somehow be bypassed. When looking at the risks in detail, it can be seen that the cyber-security/safety risk of automation is usually related to the safety integrity, availability or response time of the safety-related control system. Furthermore, the cyber-security issue is usually related to software and to human access to the system. The risk assessment processes for safety and cyber-security have similar phases, but the point of view is different. From the safety point of view the cause of an incident is usually a failure, misuse or disturbance of a system, whereas from the cyber-security point of view an incident may originate from a threat and a vulnerability, and in most cases a human is causing it. We conclude that it would be difficult to benefit from a complete integration of the safety and cyber-security risk assessment processes into a single analysis, because there would be so many aspects to consider and only a few mutual effects. It is recommended that the risk assessments are compiled separately; however, any identified safety-critical cyber-security issues should be added to the safety risk assessment process and the associated risk treatment validated according to the safety process. The conclusions related to functional safety and cyber-security can be mutual.
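The hand-over rule the abstract recommends, separate assessments with safety-critical cyber-security findings copied into the safety risk assessment and their treatment left pending until validated under the safety process, as an added Python illustration. This is not code from the report; the data model, the safety-critical test (a finding that hits a safety-related control system and degrades its safety integrity, availability or response time), and the asset names and findings are all constructed for the example.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Set, Tuple


class SafetyImpact(Enum):
    """The three ways the abstract names in which a cyber issue degrades a
    safety-related control system."""
    INTEGRITY = "safety integrity"
    AVAILABILITY = "availability"
    RESPONSE_TIME = "response time"


@dataclass
class CyberIssue:
    """One finding from the separate cyber-security assessment (threat + vulnerability)."""
    issue_id: str
    threat: str
    vulnerability: str
    affected_asset: str
    impacts: Set[SafetyImpact] = field(default_factory=set)


@dataclass
class SafetyHazard:
    """One entry in the safety risk assessment (hazard log)."""
    hazard_id: str
    cause: str
    consequence: str
    origin: str              # "safety" for conventional hazards, "cyber" for hand-overs
    validated: bool = False  # risk treatment validated according to the safety process


def is_safety_critical(issue: CyberIssue, safety_assets: Set[str]) -> bool:
    """Assumed rule: safety-critical when the finding hits a safety-related
    control system AND degrades its integrity, availability or response time."""
    return issue.affected_asset in safety_assets and bool(issue.impacts)


def hand_over(issue: CyberIssue) -> SafetyHazard:
    """Turn a safety-critical cyber finding into a hazard-log entry whose
    treatment still has to be validated under the safety process."""
    lost = ", ".join(sorted(i.value for i in issue.impacts))
    return SafetyHazard(
        hazard_id=f"S-{issue.issue_id}",
        cause=f"{issue.threat} exploiting {issue.vulnerability} on {issue.affected_asset}",
        consequence=f"loss of {lost} of safety function",
        origin="cyber",
    )


def merge_assessments(safety_log: List[SafetyHazard], cyber_findings: List[CyberIssue],
                      safety_assets: Set[str]) -> Tuple[List[SafetyHazard], List[CyberIssue]]:
    """Keep the two assessments separate; only safety-critical cyber findings
    are copied into the safety log. Returns (merged safety log, cyber-only findings)."""
    merged = list(safety_log)
    cyber_only: List[CyberIssue] = []
    for issue in cyber_findings:
        if is_safety_critical(issue, safety_assets):
            merged.append(hand_over(issue))
        else:
            cyber_only.append(issue)
    return merged, cyber_only


def awaiting_safety_validation(safety_log: List[SafetyHazard]) -> List[str]:
    """Hand-overs whose risk treatment has not yet been validated under the safety process."""
    return [h.hazard_id for h in safety_log if h.origin == "cyber" and not h.validated]


# Constructed sample input (hypothetical assets and findings, not from the report).
SAFETY_RELATED_ASSETS = {"safety PLC", "emergency-stop network"}

SAFETY_LOG = [
    SafetyHazard("S-01", "guard interlock contact welds closed", "crushing at loading station",
                 "safety", True),
]

CYBER_FINDINGS = [
    CyberIssue("C-01", "remote attacker", "unauthenticated engineering port", "safety PLC",
               {SafetyImpact.INTEGRITY}),
    CyberIssue("C-02", "malware on maintenance laptop", "flat network without segmentation",
               "emergency-stop network", {SafetyImpact.AVAILABILITY, SafetyImpact.RESPONSE_TIME}),
    CyberIssue("C-03", "insider", "shared HMI account", "production reporting server"),
]


def demo() -> Tuple[List[SafetyHazard], List[CyberIssue]]:
    return merge_assessments(SAFETY_LOG, CYBER_FINDINGS, SAFETY_RELATED_ASSETS)


if __name__ == "__main__":
    merged, cyber_only = demo()
    for h in merged:
        print(h.hazard_id, h.origin, h.consequence, "validated" if h.validated else "PENDING")
    print("cyber-only:", [c.issue_id for c in cyber_only])
    print("awaiting safety validation:", awaiting_safety_validation(merged))
```

Finding C-03 stays on the cyber side because the reporting server is not a safety-related control system and the finding names no safety impact; C-01 and C-02 are copied into the hazard log with `validated=False`, so the safety process still owns the decision on their treatment.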
Original language: English
Publisher: VTT Technical Research Centre of Finland
Number of pages: 26
Publication status: Published - 19 Mar 2018
MoE publication type: Not Eligible

Publication series

Name: Research Report
Publisher: VTT
No.: VTT-R-01428-18

Fingerprint

Risk assessment
Machinery
Accidents
Automation
Availability
Control systems

Keywords

  • Safety
  • cyber-security
  • machinery

Cite this

Malm, T., Ahonen, T., & Välisalo, T. (2018). Risk assessment of machinery system with respect to safety and cyber-security. VTT Technical Research Centre of Finland. VTT Research Report, No. VTT-R-01428-18
Malm, Timo; Ahonen, Toni; Välisalo, Tero. / Risk assessment of machinery system with respect to safety and cyber-security. VTT Technical Research Centre of Finland, 2018. 26 p. (VTT Research Report; No. VTT-R-01428-18).
@book{414408251d534f0eb1c5ad2a0aab8b51,
title = "Risk assessment of machinery system with respect to safety and cyber-security",
keywords = "Safety, cyber-security, machinery",
author = "Timo Malm and Toni Ahonen and Tero V{\"a}lisalo",
year = "2018",
month = "3",
day = "19",
language = "English",
series = "Research Report",
publisher = "VTT Technical Research Centre of Finland",
number = "VTT-R-01428-18",
address = "Finland",
}

Malm, T, Ahonen, T & Välisalo, T 2018, Risk assessment of machinery system with respect to safety and cyber-security. VTT Research Report, no. VTT-R-01428-18, VTT Technical Research Centre of Finland.

Risk assessment of machinery system with respect to safety and cyber-security. / Malm, Timo; Ahonen, Toni; Välisalo, Tero.

VTT Technical Research Centre of Finland, 2018. 26 p. (VTT Research Report; No. VTT-R-01428-18).

Research output: Book/Report › Report › Professional

TY - BOOK
T1 - Risk assessment of machinery system with respect to safety and cyber-security
AU - Malm, Timo
AU - Ahonen, Toni
AU - Välisalo, Tero
PY - 2018/3/19
Y1 - 2018/3/19
KW - Safety
KW - cyber-security
KW - machinery
M3 - Report
T3 - Research Report
BT - Risk assessment of machinery system with respect to safety and cyber-security
PB - VTT Technical Research Centre of Finland
ER -

Malm T, Ahonen T, Välisalo T. Risk assessment of machinery system with respect to safety and cyber-security. VTT Technical Research Centre of Finland, 2018. 26 p. (VTT Research Report; No. VTT-R-01428-18).