STPA-SafeSec: Safety and security analysis for cyber-physical systems

Research output: Contribution to Journal/Magazine > Journal article > peer-review

Published

Standard

STPA-SafeSec: Safety and security analysis for cyber-physical systems. / Friedberg, Ivo; McLaughlin, Kieran; Smith, Paul et al.
In: Journal of Information Security and Applications, Vol. 34, No. 2, 30.06.2017, p. 183-196.

Harvard

Friedberg, I, McLaughlin, K, Smith, P, Laverty, DM & Sezer, S 2017, 'STPA-SafeSec: Safety and security analysis for cyber-physical systems', Journal of Information Security and Applications, vol. 34, no. 2, pp. 183-196. https://doi.org/10.1016/j.jisa.2016.05.008

APA

Friedberg, I., McLaughlin, K., Smith, P., Laverty, D. M., & Sezer, S. (2017). STPA-SafeSec: Safety and security analysis for cyber-physical systems. Journal of Information Security and Applications, 34(2), 183-196. https://doi.org/10.1016/j.jisa.2016.05.008

Vancouver

Friedberg I, McLaughlin K, Smith P, Laverty DM, Sezer S. STPA-SafeSec: Safety and security analysis for cyber-physical systems. Journal of Information Security and Applications. 2017 Jun 30;34(2):183-196. doi: 10.1016/j.jisa.2016.05.008

Author

Friedberg, Ivo ; McLaughlin, Kieran ; Smith, Paul et al. / STPA-SafeSec : Safety and security analysis for cyber-physical systems. In: Journal of Information Security and Applications. 2017 ; Vol. 34, No. 2. pp. 183-196.

Bibtex

@article{00b271e19e6e4c2a8a91891ef4b4448f,
title = "STPA-SafeSec: Safety and security analysis for cyber-physical systems",
abstract = "Cyber-physical systems tightly integrate physical processes and information and communication technologies. As today's critical infrastructures, e.g., the power grid or water distribution networks, are complex cyber-physical systems, ensuring their safety and security becomes of paramount importance. Traditional safety analysis methods, such as HAZOP, are ill-suited to assess these systems. Furthermore, cybersecurity vulnerabilities are often not considered critical, because their effects on the physical processes are not fully understood. In this work, we present STPA-SafeSec, a novel analysis methodology for both safety and security. Its results show the dependencies between cybersecurity vulnerabilities and system safety. Using this information, the most effective mitigation strategies to ensure safety and security of the system can be readily identified. We apply STPA-SafeSec to a use case in the power grid domain, and highlight its benefits.",
keywords = "Smart grid, Synchronous islanded generation, STPA, CPS, Safety, Cyber security",
author = "Ivo Friedberg and Kieran McLaughlin and Paul Smith and Laverty, {David M.} and Sakir Sezer",
year = "2017",
month = jun,
day = "30",
doi = "10.1016/j.jisa.2016.05.008",
language = "English",
volume = "34",
pages = "183--196",
journal = "Journal of Information Security and Applications",
issn = "2214-2126",
publisher = "Elsevier",
number = "2",

}

RIS

TY - JOUR

T1 - STPA-SafeSec

T2 - Safety and security analysis for cyber-physical systems

AU - Friedberg, Ivo

AU - McLaughlin, Kieran

AU - Smith, Paul

AU - Laverty, David M.

AU - Sezer, Sakir

PY - 2017/6/30

Y1 - 2017/6/30

N2 - Cyber-physical systems tightly integrate physical processes and information and communication technologies. As today's critical infrastructures, e.g., the power grid or water distribution networks, are complex cyber-physical systems, ensuring their safety and security becomes of paramount importance. Traditional safety analysis methods, such as HAZOP, are ill-suited to assess these systems. Furthermore, cybersecurity vulnerabilities are often not considered critical, because their effects on the physical processes are not fully understood. In this work, we present STPA-SafeSec, a novel analysis methodology for both safety and security. Its results show the dependencies between cybersecurity vulnerabilities and system safety. Using this information, the most effective mitigation strategies to ensure safety and security of the system can be readily identified. We apply STPA-SafeSec to a use case in the power grid domain, and highlight its benefits.

AB - Cyber-physical systems tightly integrate physical processes and information and communication technologies. As today's critical infrastructures, e.g., the power grid or water distribution networks, are complex cyber-physical systems, ensuring their safety and security becomes of paramount importance. Traditional safety analysis methods, such as HAZOP, are ill-suited to assess these systems. Furthermore, cybersecurity vulnerabilities are often not considered critical, because their effects on the physical processes are not fully understood. In this work, we present STPA-SafeSec, a novel analysis methodology for both safety and security. Its results show the dependencies between cybersecurity vulnerabilities and system safety. Using this information, the most effective mitigation strategies to ensure safety and security of the system can be readily identified. We apply STPA-SafeSec to a use case in the power grid domain, and highlight its benefits.

KW - Smart grid

KW - Synchronous islanded generation

KW - STPA

KW - CPS

KW - Safety

KW - Cyber security

U2 - 10.1016/j.jisa.2016.05.008

DO - 10.1016/j.jisa.2016.05.008

M3 - Journal article

VL - 34

SP - 183

EP - 196

JO - Journal of Information Security and Applications

JF - Journal of Information Security and Applications

SN - 2214-2126

IS - 2

ER -