How to stop computers from killing people
I wish I could claim more credit for this fabulous paper by my former PhD student Nelson Carreras Guzman, but I will happily bask in the glory of its aura that, in my mind at least, extends to me as well.
Nelson did groundbreaking work to help us better model, understand and prevent cascading risks between the cyber world and the physical world. This paper he just published in Safety Science is the best overview to-date (other than his PhD thesis) to get a good overview of the “Unintended Flow of Information and Energy” method he developed for integrated safety and security analysis of Cyber-Physical Systems. In this paper, he adds a harm scenario builder, CyPHASS (short for: Cyber-Physical Harm Analysis for Safety and Security) that adds a crucial assessment component to the more identification-focused UFoI-E-frontend.
The CyPHASS harm scenario builder as an extended bowtie diagram (Guzman et al 2021) - it is actually very intuitive and straight forward, check it out in the paper.
I am copying the abstract below, but please download and read the full, open-access paper:
Guzman, N.H., Kozine, I., Lundteigen, M.A. (2021): An integrated safety and security analysis for cyber-physical harm scenarios. Safety Science, Vol 144, https://doi.org/10.1016/j.ssci.2021.105458
Highlights
Cyber-physical attacks can kill people and inflict damages in the physical world.
The domain of safety science increasingly overlaps with cyber-physical security
The UFoI-E method facilitates an integrated safety and security analysis of CPSs.
The CyPHASS prototype tool provides lessons learned in an extended bowtie model.
A risk identification workshop with the UFoI-E method enabled system improvements
Abstract
Increasing digitalization and autonomous solutions in physical systems promise to enhance their performance, cost-efficiency and reliability. However, the integration of novel information technologies with safety-related systems also brings new vulnerabilities and risks that challenge the traditional field of safety analysis. Particularly, cyber security threats are becoming key factors in complex accident scenarios in cyber-physical systems (CPSs), where unintentional errors and design flaws overlap with cyber security vulnerabilities that could lead to harm to humans and assets. This overlap between safety and security analysis is still a loosely defined domain without established theories and methods, leading to complications during the risk analysis of CPSs. In this paper, we first describe how the domain of safety science increasingly overlaps with security analysis. Subsequently, based on this overlapping, we illustrate and complement an integrated method for the identification of harm scenarios in CPSs. This method, coined Uncontrolled Flows of Information and Energy (UFoI-E), offers a distinct theoretical foundation rooted in accident causation models and a framework to design diagrammatic representations of CPSs during the analysis. After summarizing these features of the UFoI-E method, we present our original contribution to the method, which is a new practical toolkit for risk identification composed of an ontology of harm scenarios and a database of checklists built from lessons learned analysis and expert knowledge. Finally, we demonstrate an application of the method in an illustrative case and show representative fields for future work.