Article title

Concept of Multifactor Method and Non-Functional Requirements Solution to Increase Resilience through Functional Safety with Cybersecurity Analysis

Content
Identifiers
Title variants
Publication languages
EN
Abstracts
EN
In the process of designing safety systems, an integrated approach in safety and cybersecurity analysis is necessary. The paper describes a new technique of increasing resilience through integrated analysis of functional safety and cybersecurity. It is a modeling methodology based on the combination of the multifactor method utilizing modified risk graphs, used previously for Safety Integrity Level (SIL) assessment, and the Non-Functional Requirements (NFR) approach. The NFR approach, based on the analysis of graphical representation of conceptual and physical components of the system, contributes a technique to include cybersecurity through the Softgoal Interdependency Graph. The assessment methodology is outlined in detail and applied to a case study involving an industrial control system. The analysis turns out to be effective in both aspects: confirming the findings of the multifactor approach based on modified risk graphs and complementing the traditional analysis to increase resilience in discovering and mitigating security vulnerabilities for SIL assessment by the use of NFR.
Year
Pages
art. no. 189454
Physical description
Bibliography: 45 items, figures, tables, charts.
Authors
  • Department of Control Engineering, Gdańsk University of Technology, Poland
  • Department of Control Engineering, Gdańsk University of Technology, Poland
  • Computer Science, The University of Texas at Tyler, United States
  • Department of Computing and Software Engineering, Florida Gulf Coast University, United States
  • National Academy of Applied Sciences Ignacy Mościcki in Ciechanów, Poland
Bibliography
  • 1. N. M. Pilanawithana, Y. Feng, K. London, P. Zhang, “Developing resilience for safety management systems in building repair and maintenance: A conceptual model”, Safety Science, vol. 152, 2022, https://doi.org/10.1016/j.ssci.2022.105768.
  • 2. D.-H. Ham, “Safety-II and Resilience Engineering in a Nutshell: An Introductory Guide to Their Concepts and Methods.” Safety and Health at Work, vol. 12, pp. 10-19, 2021. https://doi.org/10.1016/j.shaw.2020.11.004
  • 3. D. J. Provan, D. D. Woods, S. W. A. Dekker, A. J. Rae, “Safety II professionals: How resilience engineering can transform safety practice,” Reliability Engineering and System Safety, vol. 195, https://doi.org/10.1016/j.ress.2019.106740
  • 4. I. Ed-daoui, A. El Hami, M. Itmi, N. Hmina, T. Mazri, “Resilience assessment as a foundation for systems-of-systems safety evaluation: Application to an economic infrastructure.” Safety Science, vol. 115, pp. 446–456, 2019, https://doi.org/10.1016/j.ssci.2019.02.030
  • 5. Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems. IEC 61508, Geneva, 2010.
  • 6. Functional safety: Safety Instrumented Systems for the Process Industry Sector. IEC 61511, Geneva, 2015.
  • 7. J.H. Saleh, A.M. Cummings, “Safety in the mining industry and the unfinished legacy of mining accidents,” Safety Science, vol. 49, pp. 764-777, 2011. https://doi.org/10.1016/j.ssci.2011.02.017
  • 8. M. Śliwiński, E. Piesik, “Integrated functional safety and cybersecurity analysis,” IFAC Papers OnLine, vol. 51, pp. 1263–1270, 2018. https://doi.org/10.1016/j.ifacol.2018.09.572
  • 9. A.C. Torres-Echeverria, “Use of LOPA and risk graphs for determination of SIL,” J. of Loss Prevention in the Process Industries, vol. 41, pp. 333-343, 2016. https://doi.org/10.1016/j.jlp.2015.12.007
  • 10. A. Gabriel, C. Ozansoy, J. Shi, “SIL determination and calculation – new developments,” Reliability Engineering and System Safety, vol. 177, pp. 148-161, 2018. https://doi.org/10.1016/j.ress.2018.04.028
  • 11. Security for industrial automation and control systems. IEC 62443, Geneva, 2013.
  • 12. Information technology -- Information security management systems – Overview and vocabulary. ISO/IEC 27000, Geneva, 2018.
  • 13. S. Kriaa, L. Pietre-Cambacedes, M. Bouissou, Y. Halgand, “Approaches combining safety and security for industrial control systems,” Reliability Engineering and System Safety, vol. 139, pp. 156–178, July 2015. https://doi.org/10.1016/j.ress.2015.02.008
  • 14. J. Braband, “What’s Security Level got to do with Safety Integrity Level?” Proc. ERTS 2016, Toulouse, France, January 27-29, 2016.
  • 15. E. Piesik, M. Śliwiński, T. Barnert, “Determining the safety integrity level of systems with security aspects,” Reliability Engineering and System Safety, vol. 152, pp. 259-272, 2016. https://doi.org/10.1016/j.ress.2016.03.018
  • 16. M. Śliwiński, “Verification of safety integrity level for safety-related functions enhanced with security aspects,” Process Safety and Environmental Protection, vol. 118, pp. 79-92, 2018. https://doi.org/10.1016/j.psep.2018.06.016
  • 17. N. Subramanian, J. Zalewski, “Quantitative Evaluation of Safety and Security in Cyberphysical Systems Using NFR Approach,” IEEE Systems Journal, vol. 10, no. 2, pp. 397-409, 2016. https://doi.org/10.1109/JSYST.2013.2294628
  • 18. N. Subramanian, J. Zalewski, “Use of the NFR Approach to Safety and Security Analysis of Control Chains in SCADA,” IFAC Papers OnLine, vol. 51, no. 6, pp. 214–219, 2018. https://doi.org/10.1016/j.ifacol.2018.07.156
  • 19. K.T. Kosmowski, “A methodology for functional safety and reliability analysis in hazardous industrial plants,” GUT, Gdansk, 2013.
  • 20. T. Aven, “A Framework for Risk Analysis Covering both Safety and Security,” Rel. Engineering & Systems Safety, vol. 92, pp. 745-754, 2007. https://doi.org/10.1016/j.ress.2006.03.008
  • 21. S. Chockalingam et al., “A Survey of Integrated Safety and Security Risk Assessment Methods.” Proc. CRITIS 2016, Paris, October 10–12, 2016, pp. 50-62. https://doi.org/10.1007/978-3-319-71368-7_5
  • 22. F. Reichenbach et al., “Pragmatic Approach to Joint Safety and Security Risk Analysis.” Proc. 2012 IEEE 23rd Intern. Symposium on Software Reliability, Dallas, Texas, November 27-30, 2012, pp. 239-244. https://doi.org/10.1109/ISSREW.2012.98
  • 23. CYBER Methods and protocols. Part 1: Method and pro forma for Threat, Vulnerability, Risk Analysis (TVRA). Technical Specs, ETSI TS 102 165-1. European Telecommunications Standards Institute, 2017.
  • 24. S. Kriaa, Safety and Security Modeling for Joint Risk Assessment in Cyberphysical Systems. Ph.D dissertation, Université Paris-Saclay, Paris, France, 2016.
  • 25. H. Abdo et al., “Safety and Security Risk Analysis Approach to Industrial Control Systems,” Computers and Security, vol. 72, pp. 175-195, 2018. https://doi.org/10.1016/j.cose.2017.09.004
  • 26. Y. Chen et al., “Unified Security and Safety Risk Assessment – A Case Study on Nuclear Power Plants.” Proc. TSA 2014, Taichung, Taiwan, June 9-10, 2014, pp. 22-28. https://doi.org/10.1109/TSA.2014.13
  • 27. Guide for Conducting Risk Assessments. Report NIST SP 800-30 Rev. 1, NIST, Gaithersburg, MD, September 2012.
  • 28. Z. Ji, S.-H. Yang, Y. Cao, Y. Wang, C. Zhou, L. Yue, Y. Zhang, “Harmonizing safety and security risk analysis and prevention in cyber-physical systems,” Process Safety and Environmental Protection, vol. 148, pp. 1279–1291, 2021. https://doi.org/10.1016/j.psep.2021.03.004
  • 29. T. Oueidat, J.-M. Flaus, F. Massé, “A review of combined safety and security risk analysis approaches,” Proc. ICCAS 2020, International Conference on Control, Automation and Diagnosis, Paris, Oct. 7-9, 2020. https://doi.org/10.1109/ICCAD49821.2020.9260512
  • 30. X. Lyu, Y. Ding, S.-H. Yang, “Safety and security risk assessment in cyberphysical systems,” IET Cyber-Physical Systems: Theory & Applications, vol. 4, issue 3, pp. 221-232, 2019. https://doi.org/10.1049/iet-cps.2018.5068
  • 31. W. Goble, H. Cheddie, Safety instrumented systems verification: Practical probabilistic calculations. ISA, 2015.
  • 32. T.O. Grøtan, M.G. Jaatun, K. Øien, T. Onshus, The SeSa Method for Assessing Secure Access to Safety Instrumented Systems, Report SINTEF A1626. Trondheim, 2007.
  • 33. SESAMO. Security and Safety Modelling. Artemis JU Grant Agreement 295354, April 2014.
  • 34. Railway applications – Safety related communication in transmission systems. IEC 62280, Geneva, 2014.
  • 35. Information technology Security techniques – Evaluation criteria for IT security. ISO/IEC 15408, Geneva, 1999.
  • 36. P. Gruhn, H.L. Cheddie, Design, Analysis and Justification of Safety Instrumented Systems. 2nd Edition. ISA, 2006.
  • 37. D.J. Smith, Reliability, Practical Methods for Maintainability and Risk. 9th Edition. Elsevier, London, 2017.
  • 38. L. Chung, B.A. Nixon, E. Yu, J. Mylopoulos, Software Engineering with Non-Functional Requirements in Software Engineering, Kluwer, Boston, Mass., 2000. https://doi.org/10.1007/978-1-4615-5269-7
  • 39. H.A. Simon, “Rational Choice and the Structure of the Environment”, Psychological Review, vol. 63, no. 2, pp. 129-138, 1956. https://doi.org/10.1037/h0042769
  • 40. N. Subramanian, J. Zalewski, “Safety and Security Integrated SIL Evaluation Using the NFR Approach,” Integrating Research and Practice in Software Engineering, Springer, 2020, pp. 53-68. https://doi.org/10.1007/978-3-030-26574-8_5
  • 41. E. Piesik, M. Śliwiński, T. Barnert, “Determining and verifying the SIL of the safety instrumented systems with security aspects,” Reliability Engineering and System Safety, vol. 152, pp. 259-272, 2016. https://doi.org/10.1016/j.ress.2016.03.018
  • 42. P. Hildebrandt, Critical aspects of safety, availability and communication in subsea gas pipelines, HIMA, 2000.
  • 43. SINTEF. Reliability Data for Safety Instrumented Systems. PDS Data Handbook. SINTEF, Trondheim, 2010.
  • 44. M. Śliwiński, K. Kosmowski, E. Piesik, “Current issues of the functional safety and cyber security analysis of the industrial and critical infrastructures,” Task Quarterly, vol. 23, no. 2, pp. 209-232, 2019.
  • 45. M. Śliwiński, E. Piesik, “Designing Control and Protection Systems with Regard to Integrated Functional Safety and Cybersecurity Aspects.” ENERGIES, 14, pp. 2227-2250, 2021, https://doi.org/10.3390/en14082227
Notes
Record prepared with funds from MNiSW, agreement no. POPUL/SP/0154/2024/02, under the programme "Social Responsibility of Science II" - module: Popularisation of Science (2025).
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-a177fbbb-4d2c-42bf-af82-227637af44d8