Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

  • Sabarathinam Chockalingam
  • Dina Hadžiosmanović
  • Wolter Pieters
  • André Teixeira
  • Pieter van Gelder
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10242)


In recent years we have seen several security incidents that compromised system safety, some of which caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats through suitable risk treatment plans. However, an overarching overview that systematizes the characteristics of such methods is missing. In this paper, we conduct a systematic literature review and identify 7 integrated safety and security risk assessment methods. We analyze these methods against 5 criteria and identify their key characteristics and applications. A key outcome is the distinction between sequential and non-sequential integration of safety and security, which concerns the order in which safety and security risks are assessed. This study provides a basis for developing more effective integrated safety and security risk assessment methods in the future.


Keywords: Integrated safety and security risk assessment; Risk analysis; Risk evaluation; Risk identification; Safety risk assessment; Security risk assessment



This research received funding from the Netherlands Organisation for Scientific Research (NWO) in the framework of the Cyber Security research program. This research has also received funding from the European Union’s Seventh Framework Programme (FP7/2007-2013) under grant agreement ICT-318003 (TREsPASS). This publication reflects only the authors’ views and the Union is not liable for any use that may be made of the information contained herein.



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Sabarathinam Chockalingam (1, corresponding author)
  • Dina Hadžiosmanović (2)
  • Wolter Pieters (1)
  • André Teixeira (1)
  • Pieter van Gelder (1)

  1. Faculty of Technology, Policy and Management, Delft University of Technology, Delft, The Netherlands
  2. Deloitte, Amsterdam, The Netherlands