Abstract
Designing and improving the resilience of complex sociotechnical and cyber-physical systems is not a simple task. Interdependencies between engineering domains can lead to emergent behavior that is difficult to predict and handle. Early identification of safety and security weaknesses in a safety-critical system reduces redesign costs in later design phases. The scientific contribution of this paper is a method for early, combined safety and security assessment based on interdisciplinary dependency models of the system. The focus is on the factors that contribute to estimating the probabilities of successful attacks on system components. The Zero Trust paradigm is applied, in which every human, whether part of the system or external to it, poses a security risk. Estimating these security-related probabilities enables a combined safety and security risk calculation for the probability of losing specific key components or safety functions. Calculating the security-related probabilities is a dynamic and difficult process that depends heavily on the domain and on the current global security environment. The methodology is demonstrated with a fictional case study of a spent fuel pool cooling system. The case study showed that the overall risk of losing one key system component doubled when security and safety were assessed together, compared with assessing safety events alone.
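The abstract describes combining per-component attack-success probabilities with safety failure probabilities over a dependency model to get the probability of losing a key component or function. The following Python is an added illustration of that idea, not the paper's method or code: it assumes (my assumptions, not the paper's) that a component is lost if either a safety failure or a successful attack occurs, that all causes are independent, that loss propagates through a fault-tree-style AND/OR dependency model, and that, in the Zero Trust spirit, each human actor class (insider or external) has its own attack-success probability. The component names and all numbers are constructed.

```python
"""Combined safety/security loss-probability model (added illustration).

Added example, not the paper's own method or code. Assumptions (mine, not
the paper's): a component is lost if EITHER a safety failure OR a successful
attack occurs; all causes are independent; losses propagate through a
fault-tree-style AND/OR dependency model; and, following Zero Trust, every
human actor class (insider or external) gets its own attack-success
probability. All component names and numbers are constructed.
"""
from dataclasses import dataclass, field
from math import prod
from typing import Dict, List, Optional


@dataclass
class Component:
    name: str
    p_safety: float = 0.0                  # probability of a safety-related failure
    actors: Dict[str, float] = field(default_factory=dict)  # actor class -> P(successful attack)
    gate: Optional[str] = None             # None for a leaf, "AND" or "OR" over children
    children: List[str] = field(default_factory=list)


def p_attack(c: Component) -> float:
    """Zero Trust: no actor class is trusted, so the component's attack
    probability is the chance that at least one actor class succeeds."""
    return 1.0 - prod(1.0 - p for p in c.actors.values())


def own_loss(c: Component, include_security: bool) -> float:
    """Probability the component itself is lost (safety cause, plus attack cause if enabled)."""
    if not include_security:
        return c.p_safety
    return 1.0 - (1.0 - c.p_safety) * (1.0 - p_attack(c))


def loss_probability(model: Dict[str, Component], name: str, include_security: bool = True) -> float:
    """Loss probability of `name`, combining its own loss with loss of what it depends on.

    gate="AND": the component is lost only if ALL children are lost (redundant suppliers).
    gate="OR":  the component is lost if ANY child is lost (single points of failure).
    """
    c = model[name]
    p_own = own_loss(c, include_security)
    if not c.children:
        return p_own
    child_ps = [loss_probability(model, ch, include_security) for ch in c.children]
    if c.gate == "AND":
        p_dep = prod(child_ps)
    elif c.gate == "OR":
        p_dep = 1.0 - prod(1.0 - q for q in child_ps)
    else:
        raise ValueError(f"{name}: component with children needs gate 'AND' or 'OR'")
    return 1.0 - (1.0 - p_own) * (1.0 - p_dep)


# Constructed dependency model of a spent fuel pool cooling function (not the paper's case study).
SAMPLE_MODEL = {c.name: c for c in [
    Component("cooling", gate="OR", children=["pumps", "power", "control"]),
    Component("pumps", gate="AND", children=["pump_a", "pump_b"]),       # redundant pump trains
    Component("pump_a", p_safety=0.02, actors={"insider_maintainer": 0.01}),
    Component("pump_b", p_safety=0.02, actors={"insider_maintainer": 0.01}),
    Component("power", gate="AND", children=["offsite", "diesel"]),      # redundant power supplies
    Component("offsite", p_safety=0.05, actors={"external_attacker": 0.02}),
    Component("diesel", p_safety=0.05, actors={"insider_maintainer": 0.01}),
    Component("control", p_safety=0.01,                                  # single PLC/HMI, no redundancy
              actors={"external_remote": 0.02, "insider_operator": 0.01}),
]}


def compare(model: Dict[str, Component] = SAMPLE_MODEL, key: str = "cooling") -> Dict[str, float]:
    """Loss probability of `key` with safety only versus safety and security combined."""
    safety_only = loss_probability(model, key, include_security=False)
    combined = loss_probability(model, key, include_security=True)
    return {"safety_only": safety_only, "combined": combined, "ratio": combined / safety_only}


if __name__ == "__main__":
    for k, v in compare().items():
        print(f"{k:12s} {v:.5f}")
```

With these constructed numbers the combined loss probability of the cooling function is roughly 3.4 times the safety-only value, driven mostly by the non-redundant control system; the paper reports a doubling for its own case study, and the ratio is entirely a function of the assumed inputs. The hard part the abstract points at, estimating the per-actor attack probabilities in the current threat environment, is exactly what this toy takes as given.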
Original language | English |
---|---|
Title of host publication | ASME 2020 International Design Engineering Technical Conferences and Computers and Information in Engineering Conference |
Subtitle of host publication | 40th Computers and Information in Engineering Conference (CIE) |
Publisher | American Society of Mechanical Engineers (ASME) |
Number of pages | 10 |
Volume | 9 |
ISBN (Print) | 978-0-7918-8398-3 |
DOIs | |
Publication status | Published - 3 Nov 2020 |
MoE publication type | A4 Article in a conference publication |
Event | ASME 2020 International Design Engineering Technical Conferences and Computers and Information in Engineering Conference, IDETC-CIE 2020 - Virtual, Online Duration: 17 Aug 2020 → 19 Aug 2020 |
Conference
Conference | ASME 2020 International Design Engineering Technical Conferences and Computers and Information in Engineering Conference, IDETC-CIE 2020 |
---|---|
City | Virtual, Online |
Period | 17/08/20 → 19/08/20 |
Funding
This research is partially supported by the VTT Technical Research Centre and the Naval Postgraduate School. Any opinions or findings of this work are the responsibility of the authors, and do not necessarily reflect the views of the sponsors or collaborators. The case study presented in this publication, while inspired by real systems, is intentionally fictional and idealized in nature.
Keywords
- Complex systems
- Risk
- Safety
- Security
- Zero trust