A Model-based Approach to Interdependency between Safety and Security in ICS

Abstract: Wide use of modern ICT technologies brings not only communication efficiency, but also security vulnerabilities into industrial control systems. Traditional physically-isolated systems are now required to take cyber security into consideration, which might also lead to system failures. However, integrating security and safety analysis has always been a challenging issue and the various interdependencies between them make it even more difficult, because they might mutually enhance, or undermine. The paper propo… Show more

“…Fifteen studies 23–37 out of those 51 were focusing exclusively on requirements modeling of such systems. Thirty‐one studies 38–68 were focusing on both requirements modeling and analysis. A few studies were either focusing solely on requirements analysis 69–72 or requirements traceability 73 …”

“…However, an interesting point to note is that all these publications stemmed from a single group applying a particular method: Abstract State Machines. Pipeline systems, on the other hand, were mainly dealing with the oil industry 46,49,88,95,96 . The use of power grid systems has been mentioned in previous studies 69,83,104,120,126 …”

Model‐driven engineering of safety and security software systems: A systematic mapping study and future research directions

“…Fifteen studies 23–37 out of those 51 were focusing exclusively on requirements modeling of such systems. Thirty‐one studies 38–68 were focusing on both requirements modeling and analysis. A few studies were either focusing solely on requirements analysis 69–72 or requirements traceability 73 …”

“…However, an interesting point to note is that all these publications stemmed from a single group applying a particular method: Abstract State Machines. Pipeline systems, on the other hand, were mainly dealing with the oil industry 46,49,88,95,96 . The use of power grid systems has been mentioned in previous studies 69,83,104,120,126 …”

Model‐driven engineering of safety and security software systems: A systematic mapping study and future research directions

“…(ii) more advanced attacker models or attacking heuristics are needed to select the next weakness to exploit. (iii) as addressed in [13], security controls might have potential negative sideeffects to the other important criteria of ICS, such as safety, performance and availability. We will look for possible extensions to model those criteria into the simulation.…”

“…Requirement nodes capture safety-related objectives, which are used to evaluate the impact of cyber attacks on the system safety. Detailed modelling and reasoning about these requirements can be found in [13]. Definition 2.…”

“…We express an acceptable level of risk by conceptual safety-related requirements of ICS [13] such as the integrity of monitoring data, the availability of control and reliable communication. Cyber attacks targeting ICS might violate such requirements to a certain degree.…”

Effective Defence Against Zero-Day Exploits Using Bayesian Networks

Integrated Safety-Security Risk Assessment for Production Systems: A Use Case Using Bayesian Belief Networks