Cyber LOPA: A New Approach for CPS Safety Design in the Presence of Cyber Attacks

05/30/2020
by   Ashraf Tantawy, et al.
0

Safety risk assessment is an essential process to ensure a dependable Cyber-Physical Systems (CPS) design. Traditional risk assessment considers only physical failures. For modern CPS, failures caused by cyberattacks are on the rise. The focus of latest research effort is on safety-security lifecycle integration and the expansion of modeling formalism for risk assessment to incorporate security failures. The interaction between safety and security and its impact on the overall system design, as well as the reliability loss resulting from ignoring security failures are some of the overlooked research questions. This paper addresses these research questions by presenting a new safety design method named Cyber Layer Of Protection Analysis (CLOPA) that extends existing LOPA framework to include failures caused by cyberattacks. The proposed method provides a rigorous mathematical formulation that expresses quantitatively the tradeoff between designing a highly-reliable versus a highly-secure CPS. We further propose a co-design lifecycle process that integrates the safety and security risk assessment processes. We evaluate the proposed CLOPA approach and the integrated lifecycle on a practical case study of a process reactor controlled by an industrial control testbed, and provide a comparison between the proposed CLOPA and current LOPA risk assessment practice.

READ FULL TEXT

Authors

page 1

05/28/2020

Model-Based Risk Assessment for Cyber Physical Systems Security

Traditional techniques for Cyber-Physical Systems (CPS) security design ...
02/18/2021

ReSonAte: A Runtime Risk Assessment Framework for Autonomous Systems

Autonomous CPSs are often required to handle uncertainties and self-mana...
06/09/2020

An Ontological Metamodel for Cyber-Physical System Safety, Security, and Resilience Coengineering

System complexity has become ubiquitous in the design, assessment, and i...
02/12/2019

Parametric analyses of attack-fault trees

Risk assessment of cyber-physical systems, such as power plants, connect...
12/30/2020

Security Engineering for ISO 21434

The ISO 21434 is a new standard that has been proposed to address the fu...
03/11/2020

A Methodology for Automating Assurance Case Generation

Safety Case has become an integral component for safety-certification in...
05/02/2018

A Data-Driven Residential Transformer Overloading Risk Assessment Method

Residential transformer population is a critical type of asset that many...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.