Skip to main content
SpringerLink
Log in

Combining Safety and Security Analysis for Industrial Collaborative Automation Systems

  • Conference paper
  • First Online:
Computer Safety, Reliability, and Security (SAFECOMP 2017)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 10489))

Included in the following conference series:

Abstract

In collaborative automation systems, providing both security and safety assessments are getting increasingly important. As IoT systems gain momentum in the industrial domain, experts stress their concerns about security and safety. Improperly or carelessly deployed and configured systems hide security threats, and even raise issues on safety, as their behavior can threaten human life. The cloud based back-ends are getting used for processing sensor data – on the other hand, legacy equipment, which may contain sensitive information, is made interoperable with broader infrastructure. Safety risks can be triggered by attacks on the backend and confidential information is at risks by attacks on legacy equipment.

In order to maintain safe and secure operations, safety and cyber-security assessment methods have been established. There is an increased demand in modern industrial systems to perform these regularly. These methods however require a lot of time and effort to complete. A solution to this problem would be combining the assessments. This requires that proper safety and security analysis methods must be selected – those that have compatible elements.

In this paper we propose a method that combines the elements of existing methodologies, in order to make the safety and security analysis process more effective. Furthermore, we present a case study, where we verified the combined methodology.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. IEC 60812: Analysis techniques for system reliability - procedure for failure mode and effects analysis (FMEA)

    Google Scholar 

  2. IEC 60812: Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA) (2006)

    Google Scholar 

  3. ISO 61508: Functional safety of electrical/electronic/programmable electronic safety-related systems (2010)

    Google Scholar 

  4. ETSI - TS 102 165–1: Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Methods and protocols; Part 1: Method and proforma for Threat, Risk, Vulnerability Analysis (2011)

    Google Scholar 

  5. SAE J3061: Cybersecurity Guidebook for Cyber-Physical Vehicle Systems (2016)

    Google Scholar 

  6. ISA: The 62443 series of standards - industrial automation and control systems security, December 2016. http://isa99.isa.org/Public/Information/The-62443-Series-Overview.pdf

  7. Bloomfield, R., Netkachova, K., Stroud, R.: Security-informed safety: if it’s not secure, it’s not safe. In: Gorbenko, A., Romanovsky, A., Kharchenko, V. (eds.) SERENE 2013. LNCS, vol. 8166, pp. 17–32. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40894-6_2

    Chapter  Google Scholar 

  8. Caralli, R., Stevens, J., Young, L., Wilson, W.: Introducing octave allegro: improving the information security risk assessment process. Technical report, CMU/SEI-2007-TR-012, Software Engineering Institute, Carnegie Mellon University, Pittsburgh (2007). http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8419

  9. Haapanen, P., Helminen, A.: Failure mode and effects analysis of software-based automation systems. Techncial report, Radiation and Nuclear Safety Authority, Helsinki (Finland) (2002)

    Google Scholar 

  10. Henniger, O., Apvrille, L., Fuchs, A., Roudier, Y., Ruddle, A., Weyl, B.: Security requirements for automotive on-board networks. In: 2009 9th International Conference on Intelligent Transport Systems Telecommunications, (ITST), pp. 641–646, October 2009

    Google Scholar 

  11. Howard, M., Lipner, S.: The Security Development Lifecycle. Microsoft Press, Redmond (2006)

    Google Scholar 

  12. Islam, M.M., Lautenbach, A., Sandberg, C., Olovsson, T.: A risk assessment framework for automotive embedded systems. In: Proceedings of the 2nd ACM International Workshop on Cyber-Physical System Security, CPSS 2016, pp. 3–14. ACM, New York (2016). http://doi.acm.org/10.1145/2899015.2899018

  13. Kriaa, S., Pietre-Cambacedes, L., Bouissou, M., Halgand, Y.: A survey of approaches combining safety and security for industrial control Systems. Reliab. Eng. Syst. Saf. (2015). http://linkinghub.elsevier.com/retrieve/pii/S0951832015000538

  14. Macher, G., Armengaud, E., Brenner, E., Kreiner, C.: A review of threat analysis and risk assessment methods in the automotive context. In: Skavhaug, A., Guiochet, J., Bitsch, F. (eds.) SAFECOMP 2016. LNCS, vol. 9922, pp. 130–141. Springer, Cham (2016). doi:10.1007/978-3-319-45477-1_11

    Chapter  Google Scholar 

  15. Microsoft: Microsoft Threat Modeling Tool 2016 download page (2016). https://www.microsoft.com/en-us/download/details.aspx?id=49168

  16. SN 29500: Failure rates of components 6 (1996–06)

    Google Scholar 

  17. Park, K.C., Shin, D.H.: Security assessment framework for IoT service. Telecommun. Syst. 64(1), 193–209 (2017). doi:10.1007/s11235-016-0168-0

    Article  Google Scholar 

  18. Piggin, R.S.H.: Development of industrial cyber security standards: IEC 62443 for SCADA and Industrial Control System security. In: IET Conference on Control and Automation 2013: Uniting Problems and Solutions, pp. 1–6, June 2013

    Google Scholar 

  19. Plósz, S., Hegedűs, C., Varga, P.: Advanced security considerations in the arrowhead framework. In: Skavhaug, A., Guiochet, J., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2016. LNCS, vol. 9923, pp. 234–245. Springer, Cham (2016). doi:10.1007/978-3-319-45480-1_19

    Chapter  Google Scholar 

  20. Scandariato, R., Wuyts, K., Joosen, W.: A descriptive study of Microsoft’s threat modeling technique. Requirements Eng. 20(2), 163–180 (2015). doi:10.1007/s00766-013-0195-2

    Article  Google Scholar 

  21. Wiseman, D.R.: Risk, reliability and safety: innovating theory and practice. In: Attack tree analysis, pp. 1023–1027. CRC Press, September 2016. doi:10.1201/9781315374987-154

Download references

Author information

Authors and Affiliations

  1. Department of Safety and Security, Austrian Institue of Technology, 1220, Vienna, Austria

    Sándor Plósz & Christoph Schmittner

  2. Department of Telecommunications and Media Informatics, Budapest University of Technology and Economics, Budapest, 1117, Hungary

    Pál Varga

Authors
  1. Sándor Plósz
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Christoph Schmittner
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Pál Varga
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sándor Plósz .

Editor information

Editors and Affiliations

  1. Fondazione Bruno Kessler, Trento, Italy

    Stefano Tonetta

  2. Austrian Institute of Technology GmbH, Vienna, Austria

    Erwin Schoitsch

  3. Thales Transportation Systems GmbH, Ditzingen, Germany

    Friedemann Bitsch

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Plósz, S., Schmittner, C., Varga, P. (2017). Combining Safety and Security Analysis for Industrial Collaborative Automation Systems. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security . SAFECOMP 2017. Lecture Notes in Computer Science(), vol 10489. Springer, Cham. https://doi.org/10.1007/978-3-319-66284-8_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-66284-8_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-66283-1

  • Online ISBN: 978-3-319-66284-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation