Risk assessment of machinery system with respect to safety and cyber-security

    Research output: Book/Report › Report

    Abstract

    This report is related to the concern that a cyber-security risk could cause a safety risk and, furthermore, an accident. There is already a tradition for how to treat safety risks related to automated machinery, but cyber-security is quite a new aspect. A cyber-security issue can cause malfunction of a safety function, or an inherently safe design can be somehow bypassed. When looking at the risks in detail, it can be seen that the cyber-security/safety risk of automation is usually related to the safety integrity, availability or response time of the safety-related control system. Furthermore, the cyber-security issue is usually related to software and human access to the system. The risk assessment processes for safety and cyber-security have similar phases, but the point of view is different. From the safety point of view, the cause of an incident is usually failure, misuse or disturbance of a system, whereas from the cyber-security point of view an incident may originate from a threat and vulnerability, and in most cases a human is causing it. We conclude that it would be difficult to benefit from a complete integration of safety and cyber-security risk assessment processes into a single analysis, because there would be so many aspects to consider and only a few mutual effects. It is recommended that the risk assessments are compiled separately; however, any identified safety-critical cyber-security issues should be added to the safety risk assessment process, and the associated risk treatment should be validated according to the safety process. The conclusion related to functional safety and cyber-security can be mutual.
    Original language: English
    Publisher: VTT Technical Research Centre of Finland
    Number of pages: 26
    Publication status: Published - 19 Mar 2018
    MoE publication type: Not Eligible

    Publication series

    Series: VTT Research Report
    Number: VTT-R-01428-18

    Fingerprint

    Risk assessment
    Machinery
    Accidents
    Automation
    Availability
    Control systems

    Keywords

    • Safety
    • cyber-security
    • machinery

    Cite this

    Malm, T., Ahonen, T., & Välisalo, T. (2018). Risk assessment of machinery system with respect to safety and cyber-security. VTT Technical Research Centre of Finland. VTT Research Report, No. VTT-R-01428-18
    Malm, Timo ; Ahonen, Toni ; Välisalo, Tero. / Risk assessment of machinery system with respect to safety and cyber-security. VTT Technical Research Centre of Finland, 2018. 26 p. (VTT Research Report; No. VTT-R-01428-18).