Cyber LOPA: A New Approach for CPS Safety Design in the Presence of Cyber Attacks
Safety risk assessment is an essential process to ensure a dependable Cyber-Physical Systems (CPS) design. Traditional risk assessment considers only physical failures. For modern CPS, failures caused by cyberattacks are on the rise. The focus of latest research effort is on safety-security lifecycle integration and the expansion of modeling formalism for risk assessment to incorporate security failures. The interaction between safety and security and its impact on the overall system design, as well as the reliability loss resulting from ignoring security failures are some of the overlooked research questions. This paper addresses these research questions by presenting a new safety design method named Cyber Layer Of Protection Analysis (CLOPA) that extends existing LOPA framework to include failures caused by cyberattacks. The proposed method provides a rigorous mathematical formulation that expresses quantitatively the tradeoff between designing a highly-reliable versus a highly-secure CPS. We further propose a co-design lifecycle process that integrates the safety and security risk assessment processes. We evaluate the proposed CLOPA approach and the integrated lifecycle on a practical case study of a process reactor controlled by an industrial control testbed, and provide a comparison between the proposed CLOPA and current LOPA risk assessment practice.
READ FULL TEXT