Towards a zero trust hybrid security and safety risk analysis method

Nikolaos Papakonstantinou, Douglas L. van Bossuyt, Joonas Linnosmaa, Britta Hale, Bryan O’Halloran

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

5 Citations (Scopus)

Abstract

Designing and improving the resilience of complex sociotechnical/cyber-physical systems is not a simple task. Interdependencies between engineering domains can lead to emerging behavior which is difficult to predict and handle. Early identification of safety and security weaknesses of a safety-critical system leads to reduced redesign costs in later design phases. The scientific contribution of this paper is a method for early combined safety and security assessment based on interdisciplinary dependency models of the system. The focus is on the factors contributing to the estimation of the probabilities of successful attacks to system components. The Zero Trust paradigm is applied, in which all humans part of, or external to, the system pose a security risk. The estimation of security-related probabilities enables a combined safety and security overall risk calculation for the probability of losing specific key components or safety functions. The calculation of the security-related probabilities is a dynamic and difficult process that heavily depends on the domain and current global security environment. The methodology of this paper is demonstrated with a fictional case study of a spent fuel pool cooling system. The results of the case study showed that the overall risk of losing one key system component doubled when combining security and safety compared to only assessing safety events.
Original languageEnglish
Title of host publicationASME 2020 International Design Engineering Technical Conferences and Computers and Information in Engineering Conference
Subtitle of host publication40th Computers and Information in Engineering Conference (CIE)
PublisherAmerican Society of Mechanical Engineers (ASME)
Number of pages10
Volume9
ISBN (Print)978-0-7918-8398-3
DOIs
Publication statusPublished - 3 Nov 2020
MoE publication typeA4 Article in a conference publication
EventASME 2020 International Design Engineering Technical Conferences and Computers and Information in Engineering Conference, IDETC-CIE 2020 - Virtual, Online
Duration: 17 Aug 202019 Aug 2020

Conference

ConferenceASME 2020 International Design Engineering Technical Conferences and Computers and Information in Engineering Conference, IDETC-CIE 2020
CityVirtual, Online
Period17/08/2019/08/20

Funding

This research is partially supported by the VTT Technical Research Centre and the Naval Postgraduate School. Any opinions or findings of this work are the responsibility of the authors, and do not necessarily reflect the views of the sponsors or collaborators. The case study presented in this publication, while inspired by real systems, is intentionally fictional and idealized in nature.

Keywords

  • Complex systems
  • Risk
  • Safety
  • Security
  • Zero trust

Fingerprint

Dive into the research topics of 'Towards a zero trust hybrid security and safety risk analysis method'. Together they form a unique fingerprint.

Cite this