The DLR Institute of the Protection of Critical Maritime Infrastructure organized the first European Workshop on Maritime Systems Resilience. It was a fantastic event, bringing together speakers and participants from the European resilience community. The event covered social, organizational and technical subjects.
DTU was present with two papers and talks. One of them was delivered by Josef on “Design for Resilience”, using the integrated safety and security risk identification method UFoIE developed at DTU RiskLab. The UFoI-E method brings three components to the table:
An integrated system representation unifying cyber-, physical-, and cyber-physical elements of critical maritime systems, called the Uncontrolled Flow of Information and Energy Master Diagram (Guzman et al 2020)
An Accident Causation Model, considering cyber-, physical-, and cyber-physical factors (Guzman et al 2019)
A Scenario Builder for “Cyber-Physical Harm Analysis for Safety and Security” (CyPHASS) (Guzman et al 2021)
The core question is how we can leverage this analytical capability not “only” during system design and not “only” for minimizing hazards and vulnerabilities, but also a) throughout the construction and operation phases (in addition to the design phase), and b) for resisting and recovering from disruptions (not only preventing).
How much do we really understand about our safety and security scenarios, if two leading methods overlap by only a third? Source: Guzman et al 2021
One key insight from the talk were the results of our benchmarking of “our” UFoI-E method to identify complex safety-security cascade risks, versus the results obtained with the (more established) STPA-Extension method. Only about one third of the identified scenarios overlapped between the two methods. This raises the question of how confident we can really be in our understanding of critical safety risks in cyber-physical systems.