Harmonizing safety and security risk analysis and prevention in cyber-physical systems

Abstract

Cyber-physical system (CPS) has been widely adopted in modern industrial productions. Safety and security (S&S) play an important role in CPS, which assists the reliability of the system. Traditionally, safety and security risks were managed independently. As the development of cyber technology, S&S issues become complex and could affect each other in multiple ways. There is a strong need to develop a systematic method to manage safety and security risks simultaneously. In this work, a systematic method to integrately analyze S&S risks is proposed. Firstly, attack route models (ARM) as the root cause of typical cyber-threats are summarized from the literature together with their corresponding consequences in CPS. Secondly, in addition to commonly adopted physical safety prevention route (PSPR), cyber security prevention route (CSPR) based on ARM is developed to investigate the safety hazards and security threats. Then, safety critical variable analysis (SCVA) is proposed to quantify the S&S risk. Finally, SCVA, CSPR and PSPR are integrated via the bowtie method. The key contribution of the work is the method which simultaneously consider safety and security risk for CPS. In parallel. SCVA represents the working status of CPS devices, which would be useful to quantitatively determine the severity of consequence and further level of risk.