Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11094)


System safety standards have been available for two decades. Remarkably, none of the functional safety standards gave detailed guidance on how to treat potential security risks; security was, if at all, only mentioned in a small remark. However, the way systems are built has changed: today's safety-critical systems are increasingly integrated into networks, so the old paradigm of isolated systems is no longer valid. It has been recognized that safety and security, and more recently also performance, need to be treated in combination: co-engineering is required. After a short glance at the state of the art in co-engineering methods and in the respective standardization, the paper describes the approach of co-engineering with interaction points taken in the ECSEL project AQUAS, which has been running since May 2017. The methodology is illustrated with first details on how the co-engineering approach for the concept phase is realized in the industrial drive use case provided by Siemens AG Austria.


Keywords: Co-engineering, Product lifecycle, Industrial drives, Safety, Security, Performance, Interaction point



The work published here is based on research in the AQUAS project that has been funded by the ECSEL Joint Undertaking and the Austrian Ministry for Transport, Innovation and Technology (BMVIT) in the program “ICT of the Future” and the Austrian Research Promotion Agency (FFG) under Grant Agreement number 737475.



Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. AIT Austrian Institute of Technology GmbH, Vienna, Austria
  2. Siemens Aktiengesellschaft Österreich, Vienna, Austria
