21,913 research outputs found

    STPA-SafeSec: Safety and Security Analysis for Cyber-Physical Systems

    Cyber-physical systems tightly integrate physical processes and information and communication technologies. As today's critical infrastructures, e.g., the power grid or water distribution networks, are complex cyber-physical systems, ensuring their safety and security becomes of paramount importance. Traditional safety analysis methods, such as HAZOP, are ill-suited to assess these systems. Furthermore, cybersecurity vulnerabilities are often not considered critical, because their effects on the physical processes are not fully understood. In this work, we present STPA-SafeSec, a novel analysis methodology for both safety and security. Its results show the dependencies between cybersecurity vulnerabilities and system safety. Using this information, the most effective mitigation strategies to ensure safety and security of the system can be readily identified. We apply STPA-SafeSec to a use case in the power grid domain, and highlight its benefits

    Cybersecurity Education and Formal Methods

    Formal methods have been largely thought of in the context of safety-critical systems, where they have achieved major acceptance. Tens of millions of people trust their lives every day to such systems, based on formal proofs rather than "we haven’t found a bug" (yet!); but why is "we haven’t found a bug" an acceptable basis for systems trusted with hundreds of millions of people’s personal data? This paper looks at some of these issues in cybersecurity, and the extent to which formal methods, ranging from "fully verified" to better tool support, could help. More importantly, recent policy reports and curricula initiatives appear to recommend formal methods in the limited context of "safety critical applications"; we suggest this is too limited in scope and ambition. Not only are formal methods needed in cybersecurity, the repeated and very public weaknesses of the cybersecurity industry provide a powerful motivation for formal methods

    Cybersecurity in healthcare: A narrative review of trends, threats and ways forward

    Electronic healthcare technology is prevalent around the world and creates huge potential to improve clinical outcomes and transform care delivery. However, there are increasing concerns relating to the security of healthcare data and devices. Increased connectivity to existing computer networks has exposed medical devices to new cybersecurity vulnerabilities. Healthcare is an attractive target for cybercrime for two fundamental reasons: it is a rich source of valuable data and its defences are weak. Cybersecurity breaches include stealing health information and ransomware attacks on hospitals, and could include attacks on implanted medical devices. Breaches can reduce patient trust, cripple health systems and threaten human life. Ultimately, cybersecurity is critical to patient safety, yet has historically been lax. New legislation and regulations are in place to facilitate change. This requires cybersecurity to become an integral part of patient safety. Changes are required to human behaviour, technology and processes as part of a holistic solution

    Purple Llama CyberSecEval: A Secure Coding Benchmark for Language Models

    This paper presents CyberSecEval, a comprehensive benchmark developed to help bolster the cybersecurity of Large Language Models (LLMs) employed as coding assistants. As what we believe to be the most extensive unified cybersecurity safety benchmark to date, CyberSecEval provides a thorough evaluation of LLMs in two crucial security domains: their propensity to generate insecure code and their level of compliance when asked to assist in cyberattacks. Through a case study involving seven models from the Llama 2, Code Llama, and OpenAI GPT large language model families, CyberSecEval effectively pinpointed key cybersecurity risks. More importantly, it offered practical insights for refining these models. A significant observation from the study was the tendency of more advanced models to suggest insecure code, highlighting the critical need for integrating security considerations in the development of sophisticated LLMs. CyberSecEval, with its automated test case generation and evaluation pipeline covers a broad scope and equips LLM designers and researchers with a tool to broadly measure and enhance the cybersecurity safety properties of LLMs, contributing to the development of more secure AI systems

    Cybersecurity of Autonomous Systems in the Transportation Sector: An Examination of Regulatory and Private Law Approaches with Recommendations for Needed Reforms

    The past twenty-five years gave rise to increasing levels of automation within the transportation sector. From initial subsystems, like vessel satellite tracking and automobile chassis control, automation continues apace. The future promises fully autonomous devices such as unmanned aerial systems (“UAS”) and self-driving cars (“UAV”). These autonomous and automatic systems and devices (“AASD”) provide safety, efficiency, and productivity benefits. Yet AASD operate under continual threat of cyber-attack. Compromised AASD can produce dire consequences in the transportation sector. The possible consequences extend far beyond financial harms to severe bodily injury or even death. Given both the prevalence of cyber threats and their potentially deadly consequences, the public holds a legitimate interest in ensuring that incentives exist to address the cybersecurity of such systems. This paper examines both the private and public law mechanisms for influencing AASD cybersecurity behaviors in the transportation sector; and undertakes the first comprehensive comparison of existing agency regulatory schemes. The findings presented herein propose: (1) additional legislation to promote sharing of cyber event data; and (2) transportation sector regulatory best practices that require mandatory submission and review of cybersecurity plans by OEMs and service providers when compromise of their products or services threatens safety of life or critical infrastructure. None of the recommendations advanced herein require regulators to direct the adoption of any specific technical solution or specific cybersecurity standard. Thus, industry participants can remain nimble in the face of evolving cyber threats, while ensuring public safety through what proves to be needed regulatory oversight

    Cybersecurity of Robotics and Autonomous Systems: Privacy and Safety

    Robots and autonomous systems in general are set to suffer similar cybersecurity problems that computers have been facing for decades. This is not only worrying for critical tasks such as those performed by surgical or military robots but also for household robots such as vacuum cleaners or for teleconference robots compromise privacy and safety of their owners. What will happen if these robots are hacked? This study presents a survey on the cybersecurity attacks associated with service robots, and as a result, a taxonomy that classifies the risks faced by users when using service robots, distinguishing between security and safety threats, is presented. We also present the robot software development phase as one of the most relevant ones for the security of robots

    STRENGTHENING PROGRAM FOR NUCLEAR CYBER SECURITY AT NUCLEAR FACILITIES

    Threats to the safety and security aspects of a facility target the physical aspects and the cyberinfrastructure. Critical facilities such as nuclear facilities use cyber-physical systems in their operating systems, which have vulnerabilities. Nuclear facilities in Indonesia could become targets of cyberterrorism because there have been incidents of attacks in several countries related to nuclear terrorism for specific purposes that threaten the safety and security operations of nuclear facilities. Similar threats may occur at other nuclear facilities as well as nuclear facilities in Indonesia, including the nuclear facility in Indonesia. The purpose of this study is to propose a nuclear cybersecurity program with a qualitative approach to attract more attention in supporting the anticipation of increasing cybersecurity threats at nuclear facilities. The program proposed was based on the description of terminology in nuclear safety and security and literature studies describing incidents of nuclear cyberterrorism attacks in the past. A cyber nuclear security program has been proposed through stakeholder collaboration, resource support, and capacity building for the ongoing nuclear security program

    Cyberbiosecurity in high-containment laboratories

    High-containment laboratories (HCLs) conduct critical research on infectious diseases, provide diagnostic services, and produce vaccines for the world’s most dangerous pathogens, often called high-consequence pathogens (HCPs). The modernization of HCLs has led to an increasingly cyber-connected laboratory infrastructure. The unique cyberphysical elements of these laboratories and the critical data they generate pose cybersecurity concerns specific to these laboratories. Cyberbiosecurity, the discipline devoted to the study of cybersecurity risks in conjunction with biological risks, is a relatively new field for which few approaches have been developed to identify, assess, and mitigate cyber risks in biological research and diagnostic environments. This study provides a novel approach for cybersecurity risk assessment and identification of risk mitigation measures by applying an asset-impact analysis to the unique environment of HCLs. First, we identified the common cyber and cyberphysical systems in HCLs, summarizing the typical cyber-workflow. We then analyzed the potential adverse outcomes arising from a compromise of these cyber and cyberphysical systems, broadly categorizing potential consequences as relevant to scientific advancement, public health, worker safety, security, and the financial wellbeing of these laboratories. Finally, we discussed potential risk mitigation strategies, leaning heavily on the cybersecurity materials produced by the Center for Internet Security (CIS), including the CIS Controls®, that can serve as a guide for HCL operators to begin the process of implementing risk mitigation measures to reduce their cyberbiorisk and considering the integration of cyber risk management into existing biorisk management practices. This paper provides a discussion to raise awareness among laboratory decision-makers of these critical risks to safety and security within HCLs. Furthermore, this paper can serve as a guide for evaluating cyberbiorisks specific to a laboratory by identifying cyber-connected assets and the impacts associated with a compromise of those assets

    Optimizing Cybersecurity Risk in Medical Cyber-Physical Devices

    Medical devices are increasingly connected, both to cyber networks and to sensors collecting data from physical stimuli. These cyber-physical systems pose a new host of deadly security risks that traditional notions of cybersecurity struggle to take into account. Previously, we could predict how algorithms would function as they drew on defined inputs. But cyber-physical systems draw on unbounded inputs from the real world. Moreover, with wide networks of cyber-physical medical devices, a single cybersecurity breach could pose lethal dangers to masses of patients. The U.S. Food and Drug Administration (FDA) is tasked with regulating medical devices to ensure safety and effectiveness, but its regulatory approach—designed decades ago to regulate traditional medical hardware—is ill-suited to the unique problems of cybersecurity. Because perfect cybersecurity is impossible and every cybersecurity improvement entails costs to affordability and health, designers need standards that balance costs and benefits to inform the optimal level of risk. The FDA, however, conducts limited cost-benefit analyses, believing that its authorizing statute forbids consideration of economic costs. We draw on statutory text and case law to show that this belief is mistaken and that the FDA can and should conduct cost-benefit analyses to ensure safety and effectiveness, especially in the context of cybersecurity. We describe three approaches the FDA could take to implement this analysis as a practical matter. Of these three, we recommend an approach modeled after the Federal Trade Commission’s cost-benefit test. Regardless of the specific approach the FDA chooses, however, the critical point is that the agency must weigh costs and benefits to ensure the right level of cybersecurity. Until then, medical device designers will face continued uncertainty as cybersecurity threats become increasingly dangerous