Abstract
In collaborative automation systems, providing both security and safety assessments is becoming increasingly important. As IoT systems gain momentum in the industrial domain, experts stress their concerns about security and safety. Improperly or carelessly deployed and configured systems hide security threats and even raise safety issues, as their behavior can threaten human life. Cloud-based back-ends are increasingly used for processing sensor data; at the same time, legacy equipment, which may contain sensitive information, is made interoperable with the broader infrastructure. Safety risks can be triggered by attacks on the back-end, and confidential information is put at risk by attacks on legacy equipment.
In order to maintain safe and secure operations, safety and cyber-security assessment methods have been established, and modern industrial systems increasingly demand that these be performed regularly. These methods, however, require a lot of time and effort to complete. One solution to this problem is to combine the assessments, which requires selecting safety and security analysis methods that have compatible elements.
In this paper we propose a method that combines elements of existing methodologies in order to make the safety and security analysis process more effective. Furthermore, we present a case study in which we verified the combined methodology.
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Plósz, S., Schmittner, C., Varga, P. (2017). Combining Safety and Security Analysis for Industrial Collaborative Automation Systems. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds.) Computer Safety, Reliability, and Security. SAFECOMP 2017. Lecture Notes in Computer Science, vol. 10489. Springer, Cham. https://doi.org/10.1007/978-3-319-66284-8_16
DOI: https://doi.org/10.1007/978-3-319-66284-8_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-66283-1
Online ISBN: 978-3-319-66284-8