
    Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

    Over the last few years, we have seen several security incidents that compromised system safety, some of which caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However, an overarching overview of these methods, systematizing their characteristics, is missing. In this paper, we conduct a systematic literature review and identify 7 integrated safety and security risk assessment methods. We analyze these methods based on 5 different criteria and identify key characteristics and applications. A key outcome is the distinction between sequential and non-sequential integration of safety and security, which relates to the order in which safety and security risks are assessed. This study provides a basis for developing more effective integrated safety and security risk assessment methods in the future.

    Risk Analysis for Smart Cities Urban Planners: Safety and Security in Public Spaces

    Christopher Alexander, in his famous writings "The Timeless Way of Building" and "A Pattern Language", defined a formal language for the description of a city. Alexander developed a generative grammar able to formally describe complex and articulated concepts of architecture and urban planning, defining a common language that would facilitate both the participation of ordinary citizens and the collaboration between professionals in architecture and urban planning. In this research, a similar approach has been applied to let two domains communicate, although they are very far apart in terms of lexicon, methodologies and objectives. These domains are urban planning, urban design and architecture, seen as the first domain both in terms of time and in terms of completeness of vision, and the world of engineering, made up of innumerable disciplines. In practice, there is a domain that defines the requirements and the overall vision (the first) and a domain (the second) that implements them with real infrastructures and systems. To put these two worlds seamlessly into communication, allowing the concepts of the first world to be translated into those of the second, Christopher Alexander's idea has been followed by defining a common language. By applying Essence, the formal descriptive theory of software engineering, using its customization rules, to the concept of a Smart City, a common language to completely trace the requirements at all levels has been defined. Since the focus was on risk analysis for safety and security in public spaces, existing risk models have been considered, revealing a further gap within the engineering world itself. Depending on the area being considered, risk management models have different and siloed approaches that ignore the interactions of one type of risk with the others. To allow effective communication between the two domains and within the engineering domain, a unified risk analysis framework has been developed.
Then a framework (an ontology) capable of describing all the elements of a Smart City has been developed and combined with the common language to trace the requirements. Following the philosophy of the Vienna Circle, a creative process called Aufbau has then been defined to allow the generation of a detailed description of the Smart City, at any level, using the common language and the ontology above defined. Then, the risk analysis methodology has been applied to the city model produced by Aufbau. The research developed tools to apply such results to the entire life cycle of the Smart City. With these tools, it is possible to understand how much a given architectural, urban planning or urban design requirement is operational at a given moment. In this way, the narration can accurately describe how much the initial requirements set by architects, planners and urban designers and, above all, the values required by stakeholders, are satisfied, at any time. The impact of this research on urban planning is the ability to create a single model between the two worlds, leaving everyone free to express creativity and expertise in the appropriate forms but, at the same time, allowing both to fill the communication gap existing today. This new way of planning requires adequate IT tools and takes the form, from the engineering side, of harmonization of techniques already in use and greater clarity of objectives. On the side of architecture, urban planning and urban design, it is instead a powerful decision support tool, both in the planning and operational phases. This decision support tool for Urban Planning, based on the research results, is the starting point for the development of a meta-heuristic process using an evolutionary approach. 
Consequently, risk management, from Architecture/Urban Planning/Urban Design up to Engineering, in any phase of the Smart City's life cycle, is seen as an "organism" that evolves.

    Exploring the Modeling of Attack Strategies for STPA


    Safety and security co-analysis in transport systems: Current state and regulatory development

    Transportation is sensitive to risk. Given the fast development of digitalisation and automation of transport systems in the past decade, new types of security risks (e.g. cyberattacks) emerge within the context of transport safety research. To enable the integrated analysis of emerging security risks and classical safety-related risks in a holistic manner, safety and security co-analysis (SSCA) is in high demand for accident prevention. SSCA in transport systems will benefit the risk analysis of complex cyber-physical transport systems facing challenges from both hazards and threats. However, the nature of hazard-based and threat-based risks is fundamentally different, which makes analysing them on the same plane difficult in several ways: they use different risk parameters, their risk inputs carry different levels of uncertainty, and their risk inference methodologies differ. To address these concerns, this study first reviews the literature on SSCA and compares the employed methodologies and their applications within the context of transport systems. Taking into account the advantages of both security-driven and safety-oriented methods, a conceptual framework is proposed to convey insights on SSCA for transportation through both top-down and bottom-up perspectives, followed by a quantitative illustrative case study. Then, the regulatory development and evolution of SSCA in transport practice is analysed across different transport modes, mapping the interrelations between initiatives so that they can cross-fertilise. As a result, the findings reveal new research directions for the safety of digitalised and/or autonomous transport vehicles and aid in the formation of future transport safety study agendas.

    Model-based Safety and Security Co-analysis: a Survey

    We survey the state of the art in model-based formalisms for safety and security analysis, where safety refers to the absence of unintended failures and security to the absence of malicious attacks. We consider ten model-based formalisms, comparing their modeling principles, the interaction between safety and security, and their analysis methods. In each formalism, we model the classical Locked Door Example where possible. Our key finding is that the exact nature of safety-security interaction is still ill-understood. Existing formalisms merge previous safety and security formalisms without introducing specific constructs to model safety-security interactions, or metrics to analyze trade-offs.

    A Novel System-Theoretic Matrix-Based Approach to Analysing Safety and Security of Cyber-Physical Systems

    Cyber-Physical Systems (CPSs) are getting increasingly complex and interconnected. Consequently, their inherent safety risks and security risks are so intertwined that the conventional analysis approaches that address them separately may be rendered inadequate. STPA (Systems-Theoretic Process Analysis) is a top-down hazard analysis technique that has been incorporated into several recently proposed integrated Safety and Security (S&S) analysis methods. This paper presents a novel methodology that leverages not only STPA but also custom matrices to ensure a more comprehensive S&S analysis. The proposed methodology is demonstrated using a case study of a particular commercial cloud-based monitoring and control system for residential energy storage systems.