Article

The SEMA referential framework: Avoiding ambiguities in the terms "security" and "safety"


Abstract

The meaning of the terms “security” and “safety” varies considerably from one context to another, leading to potential ambiguities. These ambiguities are very problematic in the critical infrastructure protection domain, which involves multiple actors and engineering disciplines. Avoiding misunderstandings caused by the ambiguities during the early stages of system design and risk assessment can save time and resources; it also helps ensure a more consistent and complete risk coverage. Based on a review of the existing definitions of security and safety, this paper identifies the main distinctions between the two notions. It proposes a referential framework called SEMA, which makes the latent differences underlying the use of the terms security and safety explicit. Three sectors are examined as use cases: The power grid, nuclear power generation, and telecommunications and data networks. Mapping the different sector definitions of security and safety in the SEMA framework makes their respective meanings explicit and reveals inconsistencies and overlaps.


... It must be noted that no single definition exists for most of these terms. The definitions used here are inspired by works dedicated to defining these terms, such as [14,15]. However, the definitions presented here are kept short and nonrestrictive on purpose. ...
... Many other classifications of threats are possible based on whether they affect a cyber or physical system, or based on whether its effect is internal to the system or also extends into the environment. An overview of these definitions and how they are used can be found in [14]. The definitions given above are, however, deemed most suitable for CPSs by the author. ...
... Notable research, however outside the scope of this dissertation, is done in the field of predictive maintenance [103] for prevention of such physical anomalies. ... by [104] with the Diffie-Hellman encryption scheme. Since then the field has matured [105], giving rise to amongst others the famous Rivest-Shamir-Adleman (RSA) encryption scheme [106]. ...
Thesis
Full-text available
Without us realizing it, solutions for safety and security are present all around us. However, everyone has undoubtedly also experienced how inconvenient some safety and security measures can be. For example, think about security checks at the airport, the need to wear a bicycle helmet, or being asked to perform 2-factor authentication to log into an online account. Such inconveniences caused by safety and security measures can delay or even prevent their implementation, which is undesired. This reluctance to tolerate inconveniences for the sake of safety and security provides a challenge for engineers to find solutions with minimal impact on normal behaviour. This challenge is especially pronounced in so-called cyber-physical systems (CPSs), in which digital automation is used to coordinate the actions of one or more physical systems. Examples of CPSs are airplanes, robotic arms or the power grid. Such CPSs have the combined advantages of the physical and cyber world, but are also subject to both threats to safety and security. In fact, the integration of physical and cyber parts in a CPS means that security issues can cause safety issues, and, although less common, safety issues can cause security issues. Measures for safety and security of CPSs are categorized as prevention, resilience, and detection & accommodation. These different types of precautions can be used independently, but typically they need to be combined to provide adequate safety and security of a CPS. In this dissertation, three advances within safety and security of CPSs are presented which cover contributions on each of the different types of safety and security measures. Firstly, anomaly detection is addressed by extending existing sliding mode observer (SMO) based anomaly estimation methods with detection capability. To this end, two SMO based anomaly detectors are presented, which are applicable to a large class of SMOs. These detectors, by design, have no false alarms and allow for strong theoretical guarantees on detectability. Secondly, a topology-switching coalitional control technique which integrates resilience, detection and accommodation is designed for safe control of a collaborative vehicle platoon (CVP) subjected to man-in-the-middle (MITM) cyber-attacks. Here resilience to undetected attacks is achieved by means of scenario-based model predictive control (MPC) and detected anomalies are accommodated by disabling the affected communication links. Lastly, a real-time implementation of encrypted control based on fully homomorphic encryption (FHE) is presented. FHE allows for manipulation of encrypted data, such that it can prevent confidentiality breaches during communication and computation. Each contribution of this dissertation addresses a specific topic within safety and security of CPSs. By doing so, they demonstrate the potential of these methods to increase safety and security of CPSs while minimizing their impact on normal behaviour. This will promote the adaptation of safety and security measures and allows for safety and security throughout the continued progress in automation.
... Thirty-one studies were focusing on both requirements modeling and analysis. A few studies were either focusing solely on requirements analysis [69][70][71][72] or requirements traceability [73]. The architecture and design stages are of paramount importance in the development of any system; safety and security systems are no exceptions. ...
... [46,49,88,95,96]. The use of power grid systems has been mentioned in previous studies [69,83,104,120,126]. Nuclear systems were mentioned in four studies [37,66,69,91]. Business systems have been used as an evaluation domain in three publications. The use of business systems, mainly enterprise resource planning systems, has been mentioned in previous studies. ...
Article
Full-text available
This article presents a systematic mapping study on the model‐driven engineering of safety and security concerns in software systems. Combined modeling and development of both safety and security concerns is an emerging field of research as both concerns affect one another in unique ways. Our mapping study provides an overview of the current state of the art in this field. This study carefully selected 143 publications out of 27,259 relevant papers through a rigorous and systematic process. This study then proposes and answers questions such as frequently used methods and tools and development stages where these concerns are typically investigated in application domains. Additionally, we identify the community's preference for publication venues and trends. The discussion on obtained results also features the gained insights and future research directions.
Graphical abstract: an overview of the overlap between evaluation domains, development stages, and employed methods and tools within safety and security software systems.
... However, they did not identify explicitly the key features of CPSs for the context of their safety and security challenges, i.e. for the protection of CPSs goals against both unintentional and deliberate sources of risk potentially impacting the system or its environment (L. Pietre-Cambacedes & Bouissou, 2013; Ludovic Pietre-Cambacedes & Chaudet, 2010). ...
... Traditionally, the domain of safety analysis was limited to accidental or unintentional risks, whereas the domain of security analysis focuses on intentional sources of risk (Amundrud et al., 2017;Ludovic Pietre-Cambacedes & Chaudet, 2010). More recently, researchers have proposed and reviewed different methods that integrate safety and security analysis into a co-analysis framework (Chockalingam et al., 2013;Kavallieratos, Katsikas, & Gkioulos, 2020a;Kriaa et al., 2015;Lyu et al., 2019;Paul et al., 2016). ...
... threats) to the domain of security (Amundrud, Aven, & Flage, 2017; Paul et al., 2016; Ludovic Pietre-Cambacedes & Chaudet, 2010). ...
Thesis
Full-text available
Increasingly, cyber risks are cascading into hazardous physical consequences, posing a direct danger to people's lives and the environment. Cyber-physical systems (CPSs) are engineered systems that integrate information technologies, real-time control systems, physical processes, and human operators to influence physical processes by means of cooperative and (semi)automated control functions. Applications include autonomous transportation systems, industrial control systems, and medical devices, among others. Despite their tremendous benefits and promising potential, CPSs are exposed to an array of risk sources, including both unintentional errors and intentional attacks. These risks challenge the safe design and operation of CPSs and require integration of cybersecurity and safety analysis methods to ensure system protection. This thesis describes, tests, and validates an integrated safety and security analysis method, coined the Uncontrolled Flows of Information and Energy (UFoI-E) method. This novel method facilitates the process of risk identification in CPSs, considering the cascading risks across the layers of the system and its environments. The UFoI-E method is composed of three main constituents. The first constituent is the CPS master diagram, a multi-layered systems model to represent the architecture of CPSs. The second constituent is the UFoI-E causality concept, a novel causation model to conceptualize cascading risks across the information and energy domains of a system. The third constituent is the Cyber-Physical Harm Analysis for Safety and Security (CyPHASS). CyPHASS is a harm scenario builder that serves as a practical toolkit to perform risk identification systematically. For this purpose, CyPHASS uses the CPS master diagram as the system model under analysis and the UFoI-E causality concept as the theoretical model of causation. In an overarching theoretical contribution, this thesis contributes to the integration of safety and security analysis of CPSs. The UFoI-E method builds from the body of knowledge in system safety and cybersecurity and provides a novel framework to assist multidisciplinary system designers and risk analysts. In practice, this thesis tests and validates the UFoI-E method by conducting real safety and security analysis in diverse CPSs applications at different development stages. Examples include autonomous surface vessels, a small-scale driverless bulldozer, and a safety-related industrial control system for a nuclear power plant. Finally, this thesis demonstrates the effectiveness of the UFoI-E method to facilitate safety and security analysis and provides recommendations for further work in the safety and security field.
... Because of the nature of Industry 4.0, and of the changes in the environment defined by cyber-physical systems, diagnosing incidents raises new questions, largely because of the interactions between safety and security, which are far more significant than before. According to Piètre-Cambacédès and Bouissou [95], safety and security have four types of interdependencies: conditional dependency, reinforcement, antagonism and independence. ...
... Piètre-Cambacédès and Bouissou [95]. It is a compilation of several definitions and scopes of safety and security used in various environments. ...
... According to Piètre-Cambacédès and Bouissou [95], safety and security have four types of interdependencies: conditional dependencies, reinforcement, antagonism and independence [94]. Safety and security are conditionally dependent when one is a requirement for the other. ...
Thesis
The convergence of information and industrial systems triggered a paradigm shift in the management of malicious and accidental events. Safety and security must now interact, and this changes the perimeters and the issues of diagnosis. After defining this new perimeter, this thesis provides an analysis of existing models that provide the information necessary for diagnosis. It then proposes PROS²E, a new event model upon which safety and security diagnosis can be performed in industrial systems. It was specifically designed to exploit experience already present in the fields of safety and security management. PROS²E is then improved to represent more complex incidents and provide more accurate information. Several examples illustrate the diagnosis capabilities of the model.
... 16 studies [31,61,62,80,27,48,10,17,55,100,76,70,107,69,104,84] were focusing on both requirements modeling and analysis. A few studies were either focusing solely on requirements analysis [75,83] or requirements traceability [43]. ...
... 10 out of 95 studies presented a framework, which could be useful in various phases of model-driven engineering of safety and security systems. These frameworks were based on either formal methods [99,8,27,55], SysML [65], or other various methods and tools [106,75,66,86,9]. 9 out of 95 studies presented a model. ...
... The use of medical systems has been mentioned in [106,8,114]. The use of nuclear systems has been mentioned in [75,24,67]. The use of power grid systems has been mentioned in [75,32,101]. ...
Preprint
This paper presents a systematic mapping study on the model-driven engineering of safety and security concerns in systems. Integrated modeling and development of both safety and security concerns is an emerging field of research. Our mapping study provides an overview of the current state-of-the-art in this field. Through a rigorous and systematic process, this study carefully selected 95 publications out of 17,927 relevant papers published between 1992 and 2018. This paper then proposes and answers several relevant research questions about frequently used methods, development stages where these concerns are typically investigated in, or application domains. Additionally, we identify the community's preference for publication venues and trends.
... Furthermore, some languages, such as Spanish or Swedish, provide just a single word for both concepts, "seguridad" and "säkerhet" respectively. Thus, linguistics does not help to clarify these concepts either [7]. As stated by the International Atomic Energy Agency (IAEA), there is no specific distinction between the safety and security terms [8]. ...
... In the conceptual framework proposed by [7,10], another distinction is taken into account: where the risk is originated and where it impacts. This framework, which is depicted in Figure 1.1, aims at helping to understand the relation between safety and security concepts. ...
... These terms can be used to clarify, define, develop and assess safety and security functionalities. Three use cases are provided with the aim of capturing the differences between the safety and security terms: a power grid, nuclear power generation and, finally, telecommunication and data networks [7]. However, there could be some difficulties in practice in deciding when each term applies when a system has characteristics with both safety and security connotations [11]. ...
Figure 1.1: SEMA referential framework [7,10]
Thesis
Full-text available
In this thesis, a software framework for live patching in zero downtime safety-critical systems, named Cetratus, is proposed, where dynamic software updates of application components are performed. The main characteristic is the quarantine-mode execution and monitoring mode, similar to the sandboxing approach, in which the new software version is executed and monitored until enough trustworthiness of the new software version is determined. This feature also provides protection against possible software and patching failures, as well as the propagation of such faults through the system. To this end, partitioning techniques are employed. Although the software upgrade is initiated by an updater, a ratification from an auditor is needed to proceed and accomplish the dynamic software updating process. These users are authenticated and logged prior to proceeding with an update. The authenticity and integrity of the dynamic patch is also verified. Cetratus is aligned with industrial safety and security standards with respect to software updates.
... Threats to systems or individuals are complex and varied (Bubnovskaia, Leonidova & Lysova, 2019;Leveson, 2020), differing in nature (ex., malicious/accidental), origin (ex., internal/external), and target (ex., individual/system/environment) (Andéol-Aussage et al. 2013;Brantingham & Brantingham, 1991;Piètre-Cambacédès & Chaudet, 2010). Personnel training, OSH standards, and system redundancies are often used to address internally or system-originating threats to safety, like equipment malfunctions and human error (Kriaa et al., 2015). ...
... Personnel training, OSH standards, and system redundancies are often used to address internally or system-originating threats to safety, like equipment malfunctions and human error (Kriaa et al., 2015). Crime prevention and physical security strategies, conversely, are used to address maliciously originating threats, such as intrusion, sabotage, or violence (Kriaa et al., 2015;Piètre-Cambacédès & Chaudet, 2010). As crime and violence become growing concerns in vocational settings (Casteel & Peek-Asa, 2000), applications examining threat reductions of this type-separate from those examining system function or behavioral OSH standards-are necessary for comprehensive threat risk management and security enhancement efforts (Blokland & Reniers, 2019;Boustras & Waring, 2020;Crawford & Hutchinson, 2016). ...
Article
Full-text available
Career and technical education (CTE) facilities on school campuses present unique security challenges due to their distinct layouts, structures, and equipment, which require tailored security considerations given expanding CTE student populations and increasing concerns of school violence. Drawing on principles of crime prevention through environmental design (CPTED) with Texas as a case application, this study developed a novel survey instrument to evaluate the influence of CTE facility design features and security activities on principals' perceptions of facility security. One hundred and eighty-three public middle and high school principals in Texas participated in the survey. A series of four hierarchical multiple regressions found that principals perceived CTE facilities as more secure the more they aligned with CPTED-oriented qualities. Security approaches more conventionally used in school settings, such as the use of security equipment and organized security activities, were not significantly associated with higher perceptions of facility security when design features were considered. The results suggest that integrating CPTED features into CTE classroom spaces can foster security perceptions similar to those in broader school design contexts, highlighting the importance of security approaches that include more than conventional classrooms and go beyond mechanical or organizational activities. District and school administrators, emergency management coordinators, and CTE program personnel can apply these results to improve the design of CTE facilities and non-traditional classrooms, as well as the content of comprehensive facility plans, to enhance holistic approaches to school safety and security.
... However, the differences between the two areas are important. For instance, security addresses malicious actors in the environment who impact the system, whereas safety addresses accidental risks from the system that impact the environment [12]. Additionally, there is a gap in the maturity of the two domains, especially with regard to standardization. ...
... However, it is essential to note that security and safety are distinct domains with different needs and priorities and this must be considered when transferring knowledge. For example, security, in contrast to safety, has to deal with intelligent agents that have the intention to cause harm to a system [12]. This causes a high level of uncertainty about attackers' behavior. ...
... Sicherheit in German, byezopastnost in Russian (Boustras and Waring 2020), seguridad in Spanish, segurança in Portuguese, säkerhet in Swedish and sikkerhed in Danish (Piètre-Cambacédès and Chaudet, 2010; Boholm et al., 2016) confuse both the root concept of safety or security in addition to hybrid (Meerts, 2014) or hyphenated expressions (Buzan and Hansen, 2009) such as cybersecurity, physical security, personal security or travel safety. In other words, safety and security vary significantly across languages, professions and communities. ...
... Significant safety distinctions are rooted in hazards and accidents. In contrast, security also considers adaptive, intent-based human action influencing life-safety, security, crime and terrorism (Piètre-Cambacédès and Chaudet, 2010;Jore, 2019). Figure 1.0 visualises this linear continuum. ...
Technical Report
Full-text available
Uncertainty and change will likely dominate the post-pandemic world of travel. While security and terrorism have been constant concerns for tourists, broader issues of personal safety, risk and crime will understandably infuse travel decision making in the wake of COVID-19. This chapter explores the multitude of definitions and expressions that make direct comparisons of security between places exceptionally difficult. In this chapter, context, hyper-specific location, travel security and crime prevention techniques are introduced. The chapter also explores the relationships and overlaps of international security, safety, terrorism, crime and risk. Complete with a series of systematic literature reviews specific to each sub-topic, large data sets, expert analysis and evidence-based decision making, this chapter offers practical tips for travellers at all levels of experience. The curated, practical advice will empower tourists to contribute to their own personal security by better understanding the complexities summed up with simple, practical guidance no matter where they venture. Overall, the consolidated security and terrorism work within this chapter presents an updated base for tourists and the travel industry to relaunch travel in the wake of one of the world's most significant travel disruptions. Tourists should be better informed and equipped for new travel challenges and adventures. Author Tony Ridley MSc is an international security and risk management professional. His global, practical experience ranges from security management in remote sites, enterprise security management for large multinational entities, commercial security services for millions of travellers and enterprise risk management at a major federal government agency. Tony is also a veteran.
... Traditionally, the domain of safety analysis was bounded to accidental or unintentional risks, whereas the domain of security analysis focuses on intentional sources of risk [1,35]. More recently, researchers have proposed and reviewed different methods that integrate safety and security analysis into a co-analysis framework. ...
... Kriaa et al. [26] compared the Combined Harm Assessment of Safety and Security for Information Systems (CHASSIS) [37] and the Boolean logic Driven Markov Processes (BDMP) [35] in a case study. The case study was a CPS previously modelled with BDMP. ...
Article
Full-text available
Emerging challenges in cyber-physical systems (CPSs) have been encouraging the development of safety and security co-analysis methods. These methods aim at mitigating the new risks associated with the convergence of safety-related systemic flaws and security-related cyber-attacks that have led to major losses in CPSs. Although several studies have reviewed existing safety and security co-analysis methods, only a few empirical studies have attempted to compare their strengths and limitations to guide risk analysis in practice. This paper bridges the gap between two novel safety and security co-analysis methods and their practical implementations. Namely, this paper compares a novel extension of the System-Theoretic Process Analysis (STPA-Extension) and the Uncontrolled Flows of Information and Energy (UFoI-E) method through a common case study. In our case study, the CPS under analysis is a conceptual autonomous ship. We conducted our comparative study as two independent teams to guarantee that the implementation of one method did not influence the other method. Furthermore, we developed a comparative framework that evaluates the relative completeness and the effort required in each analysis. Finally, we propose a tailored combination of these methods, exploiting their unique strengths to achieve more complete and cost-effective risk analysis results.
... Developing a modeling tool to support aircraft certification is challenging for several reasons. The language used in the regulations is difficult to navigate and often ambiguous [28]. For example, the FAA states in section §21.101(b) [29]: ...
Article
Aircraft design and development programs must comply with many certification requirements described in natural language provided in a complex collection of document-based regulations and associated guidance material. As a result, individual design organizations develop internal processes detailing how regulatory requirements should be met within their aircraft design programs. Subject matter experts develop these processes, which are subjective interpretations of the regulations and can vary significantly between development programs and organizations. Model-based approaches are increasingly used to manage the complexity of the aircraft design and development process. Regulatory documentation, however, remains document-based, making certification a costly component of the design process. This paper reviews three approaches to modeling regulatory documentation of process mapping, ontological modeling, and Unified Modeling Language (UML) and compares their utility in the context of reducing ambiguity, reflecting complexity, and leveraging subject matter expertise. A case study is presented using the advisory circular AC 21.101-1B Establishing the Certification Basis of Changed Aeronautical Products to illustrate the comparison.
... Across a broad range of sectors (e.g. aviation, nuclear energy, chemistry, power grids, and information systems), safety and security have conventionally been distinguished by intentionality [25]- [29]. Safety focuses on preventing unintentional accidents, while security addresses protection from deliberate malicious actions [7]. ...
Preprint
Full-text available
Multimodal foundation models (MFMs) represent a significant advancement in artificial intelligence, combining diverse data modalities to enhance learning and understanding across a wide range of applications. However, this integration also brings unique safety and security challenges. In this paper, we conceptualize cybersafety and cybersecurity in the context of multimodal learning and present a comprehensive Systematization of Knowledge (SoK) to unify these concepts in MFMs, identifying key threats to these models. We propose a taxonomy framework grounded in information theory, evaluating and categorizing threats through the concepts of channel capacity, signal, noise, and bandwidth. This approach provides a novel framework that unifies model safety and system security in MFMs, offering a more comprehensive and actionable understanding of the risks involved. We used this to explore existing defense mechanisms, and identified gaps in current research - particularly, a lack of protection for alignment between modalities and a need for more systematic defense methods. Our work contributes to a deeper understanding of the security and safety landscape in MFMs, providing researchers and practitioners with valuable insights for improving the robustness and reliability of these models.
... Typically, the safety and security aspects of ICSs are addressed differently, and several definitions and distinctions of the two concepts have been attempted in literature. Maybe the most notable is [24], which distinguishes between the two as follows: "Security is concerned with the risks originating from the environment and potentially impacting the system, whereas safety deals with the risks arising from the system and potentially impacting the environment." and "Security typically addresses malicious risks while safety addresses purely accidental risks". ...
Chapter
Full-text available
Security verification of software systems is vital to ensure they are resilient against targeted attacks. Any vulnerability in the software should be discovered, classified, and resolved promptly to ensure the operational correctness and functional safety of the system. However, testing and program debugging of complex industrial control systems are often challenging due to the test oracle problem. In this work, we discuss an integrated method for test generation and fault localization using metamorphic testing. Our method extracts metamorphic relation from the system specification and uses it as the derived test oracle to distinguish the successful and failed tests for spectrum-based fault localization. The proposed approach consists of two phases: a test generation phase using metamorphic testing and a fault localization phase to assist with the root cause analysis and failure diagnosis. The method is exemplified on a load position system without explicit specifications of the test oracle, and the results show that it is effective in discovering vulnerabilities in the application and significantly assists the developers with root cause analysis of identified faults that reduces the overall failure diagnosis effort.
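The two criteria quoted in the snippet above (origin/impact: environment-to-system is security, system-to-environment is safety; intent: malicious is security, accidental is safety), and restated earlier in this list as the thesis of [12], can be applied mechanically to a set of risk scenarios to find exactly the cases where a safety team and a security team would name the same scenario differently. The following is an added example, not code from the SEMA paper or from any of the cited works; the scenarios are constructed for illustration, and the treatment of the system-to-system and environment-to-environment cells as "unresolved" under the first criterion is an assumption of this example, not a statement of the framework.

```python
"""Two-axis (SEMA-style) classification of risk scenarios.

Added illustration; not code from the paper or any cited work. It applies the two
distinguishing criteria quoted above and reports the scenarios on which they disagree,
which are the ones a combined risk assessment must assign explicitly or they fall
between (or are double-counted by) the safety and the security analyses.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List


class Locus(Enum):
    SYSTEM = "system"
    ENVIRONMENT = "environment"


class Intent(Enum):
    MALICIOUS = "malicious"
    ACCIDENTAL = "accidental"


@dataclass(frozen=True)
class Scenario:
    name: str
    origin: Locus   # where the risk arises
    impact: Locus   # what it ultimately harms
    intent: Intent  # deliberate or accidental cause


def label_by_origin_impact(s: Scenario) -> str:
    """Criterion 1: direction of the risk between system and environment."""
    if s.origin is Locus.ENVIRONMENT and s.impact is Locus.SYSTEM:
        return "security"
    if s.origin is Locus.SYSTEM and s.impact is Locus.ENVIRONMENT:
        return "safety"
    # system->system and environment->environment: this criterion alone does not
    # decide; assumption of this example: report it rather than silently pick a side
    return "unresolved"


def label_by_intent(s: Scenario) -> str:
    """Criterion 2: malicious versus accidental cause."""
    return "security" if s.intent is Intent.MALICIOUS else "safety"


CRITERIA: Dict[str, Callable[[Scenario], str]] = {
    "origin/impact": label_by_origin_impact,
    "intent": label_by_intent,
}


def sema_cell(s: Scenario) -> str:
    """Position in the origin/impact/intent grid, e.g. 'environment->system/malicious'."""
    return f"{s.origin.value}->{s.impact.value}/{s.intent.value}"


def classify(s: Scenario) -> Dict[str, str]:
    """Label the scenario under every criterion."""
    return {name: fn(s) for name, fn in CRITERIA.items()}


def disagreements(scenarios: List[Scenario]) -> List[Scenario]:
    """Scenarios that teams using different criteria would name differently."""
    return [s for s in scenarios if len(set(classify(s).values())) > 1]


# Constructed scenarios for illustration; not taken from the paper.
SCENARIOS = [
    Scenario("remote attacker alters a PLC setpoint", Locus.ENVIRONMENT, Locus.SYSTEM, Intent.MALICIOUS),
    Scenario("operator error vents a toxic product", Locus.SYSTEM, Locus.ENVIRONMENT, Intent.ACCIDENTAL),
    Scenario("insider disables a relief valve, causing a release", Locus.SYSTEM, Locus.ENVIRONMENT, Intent.MALICIOUS),
    Scenario("lightning strike destroys a transformer", Locus.ENVIRONMENT, Locus.SYSTEM, Intent.ACCIDENTAL),
    Scenario("firmware bug crashes the control server", Locus.SYSTEM, Locus.SYSTEM, Intent.ACCIDENTAL),
]


if __name__ == "__main__":
    flagged = set(s.name for s in disagreements(SCENARIOS))
    for s in SCENARIOS:
        mark = "  <- criteria disagree" if s.name in flagged else ""
        print(f"{s.name:52s} {sema_cell(s):34s} {classify(s)}{mark}")
```

Run as a script, the first two scenarios are labelled the same way under both criteria; the insider sabotage and the lightning strike are "safety" under one criterion and "security" under the other, and the self-contained software failure is left unresolved by the origin/impact criterion. Those three rows are the vocabulary clashes the framework is meant to surface before the risk register is split between teams.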
... According to Dunn Cavelty (2010, p. 155), cyber security "refers to a set of activities and measures, technical and non-technical, intended to protect the…cyberspace, but also devices, software, and the information they contain and communicate." While there are epistemological debates about what constitutes security (Burgess, 2008), in the context of technology, the term usually accentuates malicious risks, while safety refers to accidental risks (Piètre-Cambacédès & Chaudet, 2010). To emphasize the malicious character of the phenomenon in question, we predominantly use the term cyber threats in this paper. ...
Conference Paper
Full-text available
Cyber security has become a key challenge for governments, companies, and citizens. This study conceptualizes media reporting as the phenomenon that binds these actors together. However, we know little about how threats to cyber security are reported. As a first step towards filling this gap, this study examines the reporting done by leading quality news websites in Germany, the United Kingdom, and the United States. Building on media reality theory and framing theory, a content analysis of 581 news articles related to cyber threats was conducted. U.K. news outlets alone accounted for more than half of the articles. In all three countries, hacking was by far the most prominent issue. There was also a clear focus on domestic events and actors. To conclude, media realities are typically shaped by national perspectives, despite the fact that cyber threats are a global phenomenon. Our findings furthermore imply that the news media successfully contributes to raising audiences' awareness of cyber threats but rarely discusses behaviors that would improve cyber security.
... There are different definitions of safety and cybersecurity terms around the world in different contexts and technical communities [2] [3]. For example, electrical engineers understand safety and cybersecurity differently than those in the nuclear community. ...
Thesis
Risk analysis is an essential element for regulatory decision-making related to industrial systems with a high level of risks. The first law was created in France on December 31, 1991, presenting the general principles of risk assessment and prevention. Over time, a decree has been established which obliges the employer in an industrial system to create and keep a document transcribing the results of the risk assessment. Therefore, there has been a strong interest in the development of risk analysis approaches dealing with safety and the functioning of critical industrial systems. INERIS (direction of accidental risks) carries out the different types of studies that cover the entire process of controlling the accidental risks related to the classified installations. Therefore, their studies on risk analysis generally aim to prevent the major accidents for industrial installations subject to the environmental code and to relate specifically to the risks for people and the environment. Recently, cybersecurity has emerged as a critical issue for industrial sites: they are becoming increasingly vulnerable to cyberattacks due to their increasing digitization and connectivity and the use of IT technologies in control systems (OT) of the industrial systems. The risk analysis approaches and the tools of preventing the accidental risks are not suitable for dealing with and analyzing the risks related to cybersecurity, and the latter risks are rarely assessed and when they are, are assessed in processes and studies separated from the analysis of the accidental risks. Therefore, INERIS wishes to integrate cybersecurity issues into the various stages of the control of the risks on industrial installations that can cause harm to people and the environment. For these reasons, a new risk analysis approach integrating the risks related to cybersecurity with the accidental risks in the same process is developed.
The process of the approach makes it possible to create guides for the generic vulnerabilities that may exist on industrial systems and meta-models to represent the different attack scenarios that may be encountered on industrial sites. In addition, it makes it possible to automatically generate and search for the attack scenarios that may exist on a case study, based on a list of data collected from industrial installation, and to combine them with accidental risks extracted from a classical safety risks analysis in the same Bow-Tie called Cyber Bow-Tie. In addition, the evaluation of the combined risks in terms of the severity level and the likelihood value represents an important step to determine the level of criticality of the risk scenario and to put in place safety and cybersecurity measures and barriers in order to reduce or eliminate the unacceptable risks. For this reason, in the developed risk analysis approach, the steps of the evaluation and treatment of the combined risks are taken into consideration. The combined risks likelihoods are evaluated according to a two-dimensional vector representing respectively the likelihood of cybersecurity events and safety events since there are different concepts to define the likelihood related to safety and cybersecurity. Combining safety and cybersecurity risks in a single Bow-Tie and evaluating the levels of different types of risk scenarios provides a comprehensive representation and an exhaustive analysis of risk scenarios in terms of safety and cybersecurity.
... (b) organizational safety system issues have become more and more open, which promotes further expansion of the category of organizational safety problems. To be more specific, industrial organizations are threatened by safety and security risks [29], so the safety problems of industrial organizations are safety and security problems in the era of Safety 4.0. ...
Article
Full-text available
Safety 4.0 is a new stage of safety science coincident with the development of Industry 4.0. In Safety 4.0, safety researchers and professionals attach importance to the perspective of safety information and emerging technologies in safety management, and thus promote a new concept: smart safety management (SSM). However, there are still many gaps in its fundamental theory, and there are few fundamental studies on the concept and essence of SSM. In order to fill these gaps, this paper introduces a theoretical study on the method of SSM. Firstly, in order to clarify the concept of smartness in the era of information, we elaborate the smartness performance of artificial entities and the essence of smart safety capability on the basis of analyzing the smartness performance of smart safety entities (SSEs). Then, we review the new characteristics and requirements of organizational safety management research and practice in the era of Safety 4.0; on this basis, we propose the definition and connotation of SSM in the era of Safety 4.0, and elaborate the specific content of the SSM method. Specifically, we divide SSM into four modules, safety information processing, safety action, inspiring awareness of safety and internal optimization, and thus build the content model of SSM. By expounding the contents and steps of the four modules, we further elaborate how to conduct SSM in industrial organizations. Then, we propose an SSM ecosystem for realizing sustainable safety in industrial organizations and analyze the approaches to realizing SSM in coal mine safety production. Finally, we analyze the significance of SSM in supporting sustainable safety and discuss the practical challenges that SSM may encounter in the future. The results show that SSM is a method based on safety intelligence, and it can support sustainable safety through the four aspects of comprehensive function, safety predictability, safety awareness and continuous optimization.
... The nature of risk consequences differs as well [21]. Safety risk has a potential impact on the system environment, while security risk on the system itself [22]. Finally, the ways in which safety and security risks are assessed differ. ...
Article
Background: The popularity of DevSecOps is on the rise because it promises to integrate a greater degree of security into software delivery pipelines. However, there is also an unacceptable risk related to safety that cannot be overlooked, given the importance of this aspect in many industries. Objective: The objective of this study is to provide an overview of the safety aspects reported in the literature on DevSecOps. This study also characterizes such aspects and identifies the gaps that may lead to future research work. Method: A systematic literature review was conducted using five well-known academic databases. The search was executed in September 2021 and March 2022 to identify relevant studies. Results: The search returned 114 academic studies. After the screening process, five primary studies published between 2019 and 2021 were selected. These studies were analyzed thoroughly to identify the safety aspects. Then, we categorized them into three main groups: (i) risk-related safety aspects, (ii) human-related aspects, and (iii) management aspects. Conclusion: Safety is an important characteristic that is becoming more critical as the number of critical systems grows. This review reveals that only a scarce number of studies are focusing on safety in DevSecOps. However, those studies gave us some insights into this topic. Therefore, our main observation is that this topic has not yet been completely explored in the academic literature. This review can encourage reflection and discussion between the safety and security communities.
... According to Aven (2014), we can understand safety science as the "knowledge about safety related issues, and the development of concepts, theories, principles and methods to understand, assess, communicate and manage (in a broad sense) safety". In this sense, the literature associates unintentional or random risk sources (hazards) to the domain of safety, and intentional and malicious risk sources (threats) to the domain of security (Amundrud et al., 2017;Paul et al., 2016;Pietre-Cambacedes and Chaudet, 2010). ...
Article
Full-text available
Increasing digitalization and autonomous solutions in physical systems promise to enhance their performance, cost-efficiency and reliability. However, the integration of novel information technologies with safety-related systems also brings new vulnerabilities and risks that challenge the traditional field of safety analysis. Particularly, cyber security threats are becoming key factors in complex accident scenarios in cyber-physical systems (CPSs), where unintentional errors and design flaws overlap with cyber security vulnerabilities that could lead to harm to humans and assets. This overlap between safety and security analysis is still a loosely defined domain without established theories and methods, leading to complications during the risk analysis of CPSs. In this paper, we first describe how the domain of safety science increasingly overlaps with security analysis. Subsequently, based on this overlapping, we illustrate and complement an integrated method for the identification of harm scenarios in CPSs. This method, coined Uncontrolled Flows of Information and Energy (UFoI-E), offers a distinct theoretical foundation rooted in accident causation models and a framework to design diagrammatic representations of CPSs during the analysis. After summarizing these features of the UFoI-E method, we present our original contribution to the method, which is a new practical toolkit for risk identification composed of an ontology of harm scenarios and a database of checklists built from lessons learned analysis and expert knowledge. Finally, we demonstrate an application of the method in an illustrative case and show representative fields for future work.
... Several works in the literature are presented to show the differences between these terms. For example, based on the review of the definitions in 86 official documents (international, national standards/regulations in different sectors), Piètre-Cambacédès et al. [70] proposed two principal distinctions between the Safety and Security definitions. The first one is Malicious vs. Accidental (M-A) distinction. ...
Thesis
Nowadays, the increasing number of Unmanned Aircraft System (UAS) operations raises public concerns on cybersecurity issues. Therefore, it requires methodologies to address these issues during the UAS development. It is the focal point of our research. This thesis has two significant contributions. Firstly, we propose a system-centric methodology to reinforce the cybersecurity of an existing (or designed) UAS. This methodology provides the user with a workflow to analyze the UAS, identify the possible attack scenarios, and identify suitable countermeasures. We call this methodology “System cybersecurity risk management”. Secondly, we propose an operation-centric methodology that considers the cybersecurity issues in the early phase of the UAS development (before the UAS is designed). This methodology is an extended version of the Specific Operation Risk assessment methodology (SORA). The SORA is a widely known methodology to assess the risks of UAS operations under the “Specific” category. However, the current stage of the SORA methodology focuses only on safety but ignores cybersecurity. Our extension modules fulfill this missing part. We call our extension methodology Specific Operation Risk assessment for Safety and Cybersecurity (SORA-C2S). Based on this methodology, we built a web-based tool that helps the user to perform the risk assessment semi-automatically. This thesis is a part of the cooperation between the SOGILIS Company and the GIPSA lab.
... Actually, just a single word is given for both concepts in some languages, for example, as in Spanish, Swedish or German. In this way, linguistics does not help to clarify and distinguish these two concepts [3]. As described by the International Atomic Energy Agency (IAEA) [4], security tries to reduce malicious risks, prevent attacks and misuses in order to protect assets. ...
Article
Full-text available
New generation Industrial Automation and Control Systems (IACS) are providing advanced connectivity features, enabling new automation applications, services and business models in the Industrial Internet of Things (IIoT) era. Nevertheless, due to the extended attack surface and increasing number of cyber-attacks against industrial equipment, security concerns arise. Hence, these systems should provide enough protection and resiliency against cyber-attacks throughout their entire lifespan, which, in the case of industrial systems, may last several decades. A sound and complete management of security issues and software updates is fundamental to achieve such a goal, since leading-edge security countermeasures implemented in the development phase may eventually become out-of-date. In this article, a review of the IEC 62443 industrial security standard concerning the security maintenance of IIoT systems and components is given, along with guidelines for the implementation of such processes. As concluded, the security issues and software updates management shall jointly be addressed by the asset owner, service providers and product suppliers. These security processes should also be compatible with the safety procedures established by safety standards.
... In their risk management efforts, most CIs have developed unprecedented levels of granularity and specialization with regards to safety and security, which has led to the creation of two distinct organizational functions. Typical features and organizing principles have been illustrated in the literature [8], which stem from the very ontology of safety and security as defined by the absence or presence of malicious intent behind the related risks [10]. ...
Chapter
Full-text available
An inextricable organizational dilemma characterizes risk management: when effective, risk management utilizes organizational resources to avoid superior damage. When not effective, it adds costs to unmanaged risks. This clashes with growing pressures on delivery of tangible value for end-users. Safety and security management aim at mitigating risks of safety or security nature. This chapter establishes a design-based framework to re-imagine the future of safety and security in an airport security environment. The chapter proposes a method for tangible, positive end-user value delivery. Our focus is on airport security where external users live a safety and security experience.
... The other one builds on the differences of origins-consequences, safety being the ability of the system not to harm the environment whereas security is the ability of the environment not to harm the system [4,15]. Yet, further refinements are proposed by some authors combining these two axes of distinction between safety and security, especially to account for differences in the use of terms in different domains and to enrich the system-environment axis by considering the ability of a system not to harm itself [16]. ...
Chapter
Full-text available
This chapter looks back at how safety and security have developed in hazardous technologies and activities, explaining what has become an intersection between the two in both strategies and management practices. We argue for the connection to be made between social expectations of safe and secure societies and the limits to management and technical performance. In the first part of the chapter, conceptual similarities and differences are addressed and we distinguish three scientific and contextual vantage points for addressing how safety and security are converging: the conceptual approach, the technical and methodological approach, and the management and practice approach. We then go on to show that, as professional areas, safety and security have developed in different ways and supported by quite separate scientific and technological fields. Finally, we present the organization of the book.
... The linguistics does not provide a clear definition and distinction. 4 As a result, it could be difficult to figure out the differences between these two terms and decide when each of these is applied in a given scenario. Safety is defined as the freedom from an unacceptable risk, so incidents and accidents that could impact on health or on the environment are prevented. ...
Article
Safety‐critical systems are evolving into complex, networked, and distributed systems. As a result of the high interconnectivity among all networked systems and of potential security threats, security countermeasures need to be incorporated. Nonetheless, albeit cutting‐edge security measures are adopted and incorporated during the system development, such as latest recommended encryption algorithms, these protection mechanisms may turn out obsolete because of the long operational periods. New security flaws and bugs are continuously detected. Software updates are then essential to restore the security level of the system. However, system shutdowns may not be acceptable when high availability is required. As expressed by the European Union Agency for Network and Information Security (ENISA) “the research in the area of patching and updating equipment without disruption of service and tools” is needed. In this article, a novel live updating approach for zero downtime safety‐critical systems named Cetratus is presented. Cetratus, which is based on a quarantine‐mode execution and monitoring, enables the update of non‐safety‐critical software components while running, without compromising the safety integrity level of the system. The focus of this work lies on the incorporation of leading‐edge security mechanisms while safety‐related software components will remain untouched. Other non‐safety‐related software components could also be updated.
... However, they did not identify explicitly the key features of CPSs for the context of their safety and security challenges, that is, for the protection of CPSs goals against both unintentional and deliberate sources of risk potentially impacting the system or its environment. 27,28 In this section, we examine the features of CPSs comparing two perspectives of antecedents, applications, and trends for future developments. The first perspective is a well-known approach in the literature, starting the evolution of CPSs from embedded systems (ESs). ...
Article
Full-text available
Many safety‐related systems are evolving into cyber‐physical systems (CPSs), integrating information technologies in their control architectures and modifying the interactions among automation and human operators. Particularly, a promising potential exists for enhanced efficiency and safety in applications such as autonomous transportation systems, control systems in critical infrastructures, smart manufacturing and process plants, robotics, and smart medical devices, among others. However, the modern features of CPSs are ambiguous for system designers and risk analysts, especially considering the role of humans and the interactions between safety and security. The sources of safety risks are not restricted to accidental failures and errors anymore. Indeed, cybersecurity attacks can now cascade into safety risks leading to physical harm to the system and its environment. These new challenges demand system engineers and risk analysts to understand the security vulnerabilities existing in CPS features and their dependencies with physical processes. Therefore, this paper (a) examines the key features of CPSs and their relation with other system types; (b) defines the dependencies between levels of automation and human roles in CPSs from a systems engineering perspective; and (c) applies systems thinking to describe a multi‐layered diagrammatic representation of CPSs for combined safety and security risk analysis, demonstrating an application in the maritime sector to analyze an autonomous surface vehicle.
... Safety and security are therefore two critical properties of every CPS, both sharing identical goals: protecting the CPS from hazards due to accidental failures (safety) or due to intentional attacks (security) [8], [9]. In this context, there is a recognized request to consider them under a unified view when designing and operating complex CPSs [7], [8], [10], [11]. This is particularly important every time a security mechanism may negatively impact the safety of the system or vice versa [12]. ...
Article
Full-text available
Recent years have witnessed the growth of the adoption of Cyber-Physical Systems (CPSs) in many sectors such as automotive, aerospace, civil infrastructures and healthcare. Several CPS applications include critical scenarios, where a failure of the system can lead to catastrophic consequences. Therefore, anomalies due to failures or malicious attacks must be timely detected. This paper focuses on two relevant aspects of the design of a CPS: safety and security. It analyzes in a specific scenario how the Performance Monitor Counters (PMCs) available in several commercial microprocessors can be, on the one hand, a valuable tool to enhance the safety of a system and, on the other hand, a security backdoor. Starting from the example of a PMC based safety mechanism, the paper shows the implementation of a possible attack and eventually proposes a strategy to mitigate the effectiveness of the attack while preserving the safeness of the system.
Chapter
Information resilience depends on critical infrastructure, as both information availability and effective communication rely on it. Disruptions in critical infrastructure undermine decision-making and situational awareness of various actors. This chapter explores the evolution of critical infrastructure policy within the European Union (EU) and the North Atlantic Treaty Organization (NATO), focusing on relevant policies and documents from the early 2000s to 2023. We begin by identifying key characteristics of critical infrastructure that necessitate dedicated policies by reviewing earlier literature. Following this, critical infrastructure policies and relevant documents within the EU and NATO contexts are examined, along with NATO-EU cooperation on critical infrastructure. Policy development within both organizations is characterized by a reactive approach, driven by the proliferation of terrorism, hybrid threats, and hostile state actors. Recent attention to ICT supply chains highlights a continuing reactive stance, yet acknowledgement of climate hazards indicates room for proactive strategies. The core characteristics of critical infrastructure have stayed the same, despite evolving risks and policies since the early 2000s.
Article
The article discusses the uncertainty of legal definitions of aviation safety and aviation security, the implementation of which often results in certain restrictions of human rights. In the article, a hypothesis is made that, despite usually being treated as well-known concepts, safety and security are not so clear and well-defined, often leaving the reader to guess at their precise meaning. The aim of this article is to identify the core features that characterise aviation safety and aviation security and could disclose their legal content when assessing their comparative weight in relation to the protection of human rights. Supported by a holistic approach from different perspectives (socio-cultural, historical, etc.), the phenomenological and hermeneutic analysis allowed providing an in-depth understanding of various meanings of safety and security concepts. An overview of the existing linguistic peculiarities of the use of the terms ‘safety’ and ‘security’ with an emphasis on the importance of determining the context in which they are used as primary evidence of their meaning is followed by the analysis of the common features and differences between the concepts of safety and security that supplements the discourse on the dilemma of combining subjective and objective, relative and absolute perceptions of safety and security. The research from the view point of normative jurisprudence reveals the polysemy inherent in aviation safety and aviation security, especially in terms of the values they represent, suggesting the conclusion that legal definitions of ‘aviation safety’ and ‘aviation security’ should in part be treated as a sort of ad hoc definitions, which have to be developed (clarified) in each particular case.
Chapter
The widespread view that risk is highly relevant in late modern societies has also meant that the very study of risk has become central in many areas of social studies. The key aim of this book is to establish Risk Discourse as a field of research of its own in language studies. Risk Discourse is introduced as a field that not only targets elements of risk, safety and security, but crucially requires aspects of responsibility for in-depth analysis. Providing a rich illustration of ways in which risk and responsibility can serve as analytical tools, the volume brings together scholars from different disciplines within the study of language. An Introduction and an Epilogue highlight the intricate relationship between risk and responsibility. Part 1 deals with expert and lay perspectives on risk; Part 2 with emerging genres for risk discourse; Part 3 with risk and technology and Part 4 with ways of managing risk. The topics covered – such as COVID-19, nuclear energy, machine translation, terrorism – are socially pertinent and timely. Tetsuta Komatsubara's chapter on "Framing risk metaphorically: Changes in metaphors of COVID-19 over time in Japanese", which is chapter 3 in the volume, won the Maenosono Young Researcher’s Award in 2024 as the best paper of each graduate school of Kobe University: https://www.kobe-u.ac.jp/ja/announcement/20240716-65819/
Article
The term "cyber physical system" (CPS) refers to the increasingly common practice of embedding internet connectivity and sensing/transmitting capabilities into everyday things. Think about a smart home app that uses CPS gadgets. Due to its many benefits, such as saving time and money and improving human comfort and energy efficiency, the IoT has become more popular in recent years. The cyber physical system relies heavily on the low-capacity sensor node. To function as clients or hosts on the internet, these diverse components communicate with one another across a wireless network. Due to resource limits including little storage capacity, restricted computing power, and limited energy backup, the well-known security methods employed in desktop computers cannot function on these systems. SecureAuthKey is a lightweight authentication and key agreement system. Security and privacy concerns in existing constraint-based CPS applications are the focus of the proposed method. The final product is supposed to be a simple method of authenticating cyber-physical systems: a trustworthy, private, and data-protecting security algorithm for cyber-physical systems that does not compromise their ability to learn and act autonomously.
Article
Full-text available
CPS is an active system that transforms a physical system into a computerized system through the use of technology and a set of instructions that govern how the system operates. Because of CPS, even the most basic of equipment can function as a smart device. For the most part, these devices have limited processing capabilities, operate at low power, and have a small amount of storage space. The Internet of Things integrates everyday “things” with the internet. Computer Engineers have been adding sensors and processors to everyday objects since the 90s. However, progress was initially slow because the chips were big and bulky. Low power computer chips called RFID tags were first used to track expensive equipment. As computing devices shrank in size, these chips also became smaller, faster, and smarter over time. Existing security mechanisms work efficiently on high end CPS devices. The performance analysis also shows these algorithms perform well against different attacks. But when constraint-based applications come into the picture, it was found that existing mechanisms present many installation and configuration problems. Even if these algorithms are installed in a constraint-based application, the overall performance of the system degrades. To overcome these problems, we proposed a secure CPS flexible framework to improve the cyber security using a new session key security algorithm. So the proposed algorithm must focus on constraint-based applications. It must support all the parameters of constraint-based devices. Keys generated through the algorithm must follow the key management design principles, which include scalability, freshness and accountability.
Article
Full-text available
The rapid growth of Information Communication Technologies (ICT) has impacted many fields. In this context, the supply chain has also quickly evolved toward the digital supply chain where digital and electronic technologies have been integrated into every aspect of its end-to-end process. This evolution provides numerous benefits such as profit maximization, loss reduction, and the optimization of supply chain lead times. However, the use of such technologies has also considerably opened up various security threats and risks which have widened the attack surface on the entire end-to-end supply chain. We present a holistic survey on supply chain security. We discuss the different security issues and attacks that target the different supply chain technologies. Then, we discuss various countermeasures and security solutions proposed by academic and industry researchers to mitigate the identified threats. Finally, we provide some recommendations and best practices that can be adopted to achieve a secure supply chain.
Article
Full-text available
Big data technologies are entering the world of ageing computer systems running critical infrastructures. These innovations promise to afford rapid Internet connectivity, remote operations or predictive maintenance. As legacy critical infrastructures were traditionally disconnected from the Internet, the prospect of their modernisation necessitates an inquiry into cyber security and how it intersects with traditional engineering requirements like safety, reliability or resilience. Looking at how the adoption of big data technologies in critical infrastructures shapes understandings of risk management, we focus on a specific case study from the cyber security governance: the EU Network and Information Systems Security Directive. We argue that the implementation of Network and Information Systems Security Directive is the first step in the integration of safety and security through novel risk management practices. Therefore, it is the move towards legitimising the modernisation of critical infrastructures. But we also show that security risk management practices cannot be directly transplanted from the safety realm, as cyber security is grounded in anticipation of the future adversarial behaviours rather than the history of equipment failure rates. Our analysis offers several postulates for the emerging research agenda on big data in complex engineering systems. Building on the conceptualisations of safety and security grounded in the materialist literature across Science and Technology Studies and Organisational Sociology, we call for a better understanding of the ‘making of’ technologies, standardisation processes and engineering knowledge in a quest to build safe and secure critical infrastructures.
Book
LegalTech 1.0, 2.0, 3.0, Tokenization, smart contract, AI, Eu ID. The use of technological solutions, increasingly often referred to as LegalTech, in the administration of justice is nowadays necessary. It is impossible to imagine courts functioning without information systems or law firms not using electronic databases of case law and legal literature. However, technology is developing further and starting to go beyond the comfort zone of traditional legal services. Solutions are appearing which can and sometimes do replace people in tasks which people used to deal with not so long ago. Such solutions are e.g. those based on artificial intelligence, resulting in various algorithms functioning in practice, not always understandable for statistical users of legal services. This is, among other reasons, why in many aspects the use of the LegalTech tool raises significant doubts and leads to many unavoidable questions, including: Will traditional lawyers survive? Will robots and automatons replace us? Will artificial intelligence replace us in providing legal advice, creating contracts or issuing judgments? Is the effectiveness of LegalTech tools greater than the work of traditional lawyers? Or perhaps we are irreplaceable, irremovable and have nothing to worry about, and the role of the lawyer will not change? Of course, such and similar questions can be multiplied, and the answer to them basically boils down to explaining what the various LegalTech tools are, whether and how to implement them, and whether it is necessary or just useful? In this monograph we try to explore this research area and to bring the reader closer to the next stage of development of law, which more and more courageously uses various technological tools. Undoubtedly, the previously separate “worlds” of law, engineering, information technology and technology have come together in everyday life. 
Traditionally, the law regulated technical issues, defined technical standards, influenced the way IT systems were built or operated, including Internet platforms, while engineers followed the advice or opinions of lawyers. It was the law and lawyers who regulated technology and indicated the directions of implementation. However, the last stage of the digital revolution has quite significantly changed this situation, resulting in the equalization of law and technology, and thus the influence of lawyers on engineers. Increasingly, engineering is entering a domain that until recently was reserved exclusively for lawyers, and information systems are effectively replacing the work of a lawyer. In some aspects, such as Blockchain or Bitcoin, engineering has even overtaken the law, forcing lawyers to learn, pioneered research directions and forced new, necessary regulations on the market. And, as you might think, more challenges lie ahead, and there is no turning back from the digital road. It is the time of algorithms, the time of legal technologization, the time of LegalTech. Therefore, the aim of our research is not only to indicate how the law and the lawyer's work is changing now, but also how much this area will change in the coming years. The book is an effect of scientific research of an inter-university team of an international group of scientists dealing with problems of new technologies and law in the aspect of digital economy 3.0 and economy 4.0. The first results of the team's work have already been published in Polish as part of the publication “LegalTech. Czyli jak bezpiecznie z narzędzi IT w organizacji, w tym w kancelarii oraz dziale prawnym” (LegalTech. How to safely use IT tools in an organisation, including a law firm and a legal department), published by C.H. Beck (Warsaw 2021).
The current publication is a slightly revised and updated version of the Polish book, which also includes new texts and a new perspective on the rapidly changing technological reality that surrounds us. The publication is divided into two parts. The first part is more theoretical and explains the basic aspects and legal framework of technological tools, while the second part presents LegalTech solutions functioning in selected countries around the world. In the first part, we reflect on the limits of technology, algorithms and various possibilities of applying LegalTech tools in practice. In turn, in the second part, we show how particular legislators have applied technological possibilities and how this has improved the work of their judiciary. Undoubtedly, our publication does not explain all aspects of technological tools in the administration of justice. However, we believe that it can provide a voice in the discussion on the current and future shape of the legal services market. Therefore, we encourage you to discuss it with us. Since the work has a collective character, it should be emphasised here that the individual authors represent their own views. The fact that in such a group we do not always agree on a particular thought, in our opinion, only proves that we are open to other views, and the law is only the art of interpretation, for which in the changing technological reality, there is much room. We must add that the publication was financed within the framework of a scientific project conducted at the Andrzej Frycz Modrzewski Krakow Academy. 30.06.2021 Krakow, Dariusz Szostek, Mariusz Załucki
Article
Background: Occupational safety risk management is a systemic process capable of promoting technical engineering solutions, considering a wide range of predictable, unexpected and subjective factors related to accident occurrences. In Brazil, the behavior of managers in relation to risk management tends to be reactive, and facilitates access to information for crucial practical and academic purposes when it comes to changing the attitude of managers, so that their actions become increasingly more proactive. Objective: To identify, classify, analyze, and discuss the existing literature related to the topic, produced from 2008 to 2020, besides contributing to a broader understanding of risk management in occupational safety. Methods: We did a systematic literature mapping. The research process was documented starting from the planning stage. Afterwards, the focus was on research conduction and information synthesis. Results: Knowledge systematization and stratification about OHS risk management through various perspectives to identify, analyze and manage risks in the workplace. 37 tools for identifying and analyzing risks, management-related practices and future research trends were identified. Conclusions: The set of tools and management practices identified can be used as a support for decision making in the selection process of tools and practices to reduce risks and improve occupational safety. Also, the results can help target future research.
Chapter
In this introductory chapter, we illustrate the book’s motivation and objective. In particular, the book takes its raison d’être from the need for protecting Cyber-Physical Systems (CPSs) against threats originating either in the cyber or in the physical domain. Exploring the concepts of safety, security, and privacy for CPSs thus emerged as the natural goal to reach. In order to better support this objective and to help the reader to navigate the book contents, a taxonomy of the above-mentioned concepts is introduced, based on a set of three triads, including the well-known Confidentiality, Integrity, and Availability triad which was introduced in the Information Technology security literature.
Article
Cyber-physical systems (CPS) have been widely adopted in modern industrial production. Safety and security (S&S) play an important role in CPS, which supports the reliability of the system. Traditionally, safety and security risks were managed independently. With the development of cyber technology, S&S issues become complex and could affect each other in multiple ways. There is a strong need to develop a systematic method to manage safety and security risks simultaneously. In this work, a systematic method to analyze S&S risks in an integrated way is proposed. Firstly, attack route models (ARM) as the root cause of typical cyber-threats are summarized from the literature together with their corresponding consequences in CPS. Secondly, in addition to the commonly adopted physical safety prevention route (PSPR), a cyber security prevention route (CSPR) based on ARM is developed to investigate the safety hazards and security threats. Then, safety critical variable analysis (SCVA) is proposed to quantify the S&S risk. Finally, SCVA, CSPR and PSPR are integrated via the bowtie method. The key contribution of the work is the method which simultaneously considers safety and security risk for CPS. In parallel, SCVA represents the working status of CPS devices, which would be useful to quantitatively determine the severity of consequence and further the level of risk.
Article
One of the main problems facing our planetary bodies is unexpected and sudden climate change due to continuously increasing global energy demand, which currently is being met by fossil fuels. Hydrogen is considered as one of the major energy solutions of the twenty-first century, capable of meeting future energy needs. Being a zero-emission fuel, it could reduce environmental impacts and craft novel energy opportunities. Hydrogen through fuel cells can be used in transport and distributed heating, as well as in energy storage systems. The transition from fossil-based fuels to hydrogen requires intensive research to overcome scientific and socio-economic barriers. The purpose of this paper is to reflect the current state, related issues, and projection of hydrogen and fuel elements within the conceptual framework of a future sustainable energy vision. An attempt has been made to compile in this paper the past hydrogen-related technologies, present challenges, and role of hydrogen in the future.
Thesis
Water management infrastructures such as floodgates are critical and increasingly operated by Industrial Control Systems (ICS). These systems are becoming more connected to the internet, either directly or through the corporate networks. This makes them vulnerable to cyber-attacks. Abnormal behaviour in floodgates operated by ICS could be caused by both (intentional) attacks and (accidental) technical failures. When operators notice abnormal behaviour, they should be able to distinguish between those two causes to take appropriate measures, because, for example, replacing a sensor in case of intentional incorrect sensor measurements would be ineffective and would not block the corresponding attack vector. In this thesis, we developed the attack-failure distinguisher framework for constructing Bayesian Network (BN) models which enable operators to distinguish between those two causes, including the knowledge elicitation method to construct the directed acyclic graph and conditional probability tables of BN models. As a full case study of the attack-failure distinguisher framework, we constructed a BN model to distinguish between attacks and technical failures for the problem of incorrect sensor measurements in floodgates, addressing the problem of floodgate operators. We utilised experts who associate themselves with the safety and/or security community to construct the BN model and validate the qualitative part of the constructed BN model. The constructed BN model is usable in water management infrastructures to distinguish between attacks and technical failures in case of incorrect sensor measurements. This could help to decide on appropriate response strategies and avoid further complications in case of incorrect sensor measurements.
Article
The digitalization of the maritime sector is continuously growing, leading to increased automation, such as the development of autonomous vessels. The Autonomous Passenger Ship (APS) is a characteristic instantiation of this development, aiming to transport people on urban waterways. Although emerging technologies deployed in such APS aim to facilitate the functions and operations of the navigation and communication systems, various safety and security risks are inherent to the communication infrastructure due to their interconnectivity. The aim of this work is to study the safety and cyber security of the communication system of an APS, namely the MilliAmpere2 APS. The six step model (SSM) is utilized to facilitate the joint analysis. The application of the SSM enables, among others, the capturing of relationships between cyber attacks and component failures, the assessment of safety and cyber security countermeasures, as well as the synergies between them. It has been found that most countermeasures in both categories are reinforcing or are conditionally dependent on each other, while few antagonize each other. These findings will allow for improved design and implementation of integrated safety and security management solutions.
Chapter
In absolute terms, the United States of America (US), by far, spends most on defence and is considered the world’s leading military power. Because of today’s diverging safety and security issues, in addition to the military dimension, nations find themselves challenged to come up with answers to cope with climate change, poverty, irregular migration and terrorism. This chapter investigates, from 2006 to 2016, the extent to which the US has operated ambidextrously, i.e. display equal skilfulness on various approaches in the safety and security domains. Using quantitative measures, we compare the absolute and relative US contributions to different safety and security dimensions (i.e. defence, poverty, migration and climate change) among the next 14 largest global military powers. We find the US scores almost persistently in the top 5 regarding safety and security. We conclude that during the Obama administration the US indeed operated ambidextrously in the safety and security domains.
Book
This book examines change processes and the challenge of ambidexterity in military organizations. It discusses how military organizations can better adapt to the complex, and at times chaotic, environments they operate in by developing organizational ambidexterity. The authors identify various multiple tasks and functions of military organizations that require multi-dimensional and often contradictory operational, technological, cultural, and social skills. In analogy to the often-opposed functions performed by the right and left hand of the body, modern military organizations are no longer one-dimensional fighting machines, but characterized by a duality of tasks, such as fighting and peacekeeping which often make part and parcel of one and the same mission. The military is both a “hot” and a “cold” organization (a crisis management organization and a bureaucracy). As such, the book argues that these dualities are not necessarily opposed but can serve as complementary forces, like the yin and yang, to better the overall performance of these organizations. As a consequence, ambidextrous organizations excel at complex tasking and are adaptable to new challenges. Divided into four parts: 1) structures and networks; 2) cultural issues; 3) tasks and roles; 4) nations and allies, it appeals to scholars of military studies and organization studies as well as professionals working for governmental or military organizations.
Chapter
This chapter discusses some of the research and management challenges related to the safety and security nexus. In the first part, we address the conceptual connections between safety and security and discuss how different perspectives on how they come together allows for characterizing the complexity and ambivalence of their interrelations. We then go on to identify tradeoffs between safety and security and show that these exist both in theory and practice. Managing both safety and security means tradeoffs and power relations between internal entities and professionals, but also beyond its own boundaries since some vulnerabilities escape the organization’s scope. In the final part of the chapter, we argue that addressing the interrelations between safety and security poses managerial and research challenges that call for global approaches to apprehend the multiple facets of the issue. We explain that little has been done on how the global trends of the risk society bring with them unanticipated and “hidden” effects on organizations safety and security practices and that it is here, as a macro-global oriented approach to organizational safety and security research, that the two fields of safety and security confront a shared research agenda.
Book
The latest volume in the "SpringerBriefs in Safety Management" collection analyzes the methodological, organizational and institutional implications of approaching safety and security as separate issues, or of managing them in an integrated manner.
Chapter
With increased connectivity of safety-critical systems such as vehicles and industrial control systems, the importance of secure software rises in lock-step. Even systems that are traditionally considered to be non-safety-critical can become safety-critical if they are willfully manipulated. In this paper, we identify 8 important security issues of automotive software based on a conceptually simple yet interesting example. The issues encompass problems from the design phase, including requirements engineering, to the choice of concrete parameters for an API. We then investigate how these issues are perceived by automotive security experts through a survey.
Article
A number of qualitative and quantitative terms are used to describe the performance of what has come to be known as information systems, networks or infrastructures. However, some of these terms either have overlapping meanings or contain ambiguities in their definitions presenting problems to those who attempt a rigorous evaluation of the performance of such systems. The phenomenon arises because the wide range of disciplines covered by the term information technology have developed their own distinct terminologies. This paper presents a systematic approach for determining common and complementary characteristics of five widely-used concepts, dependability, fault-tolerance, reliability, security, and survivability. The approach consists of comparing definitions, attributes, and evaluation measures for each of the five concepts and developing corresponding relations. Removing redundancies and clarifying ambiguities will help the mapping of broad user-specified requirements into objective performance parameters for analyzing and designing information infrastructures.
Conference Paper
Cyber-Physical Systems (CPS) are integrations of computation and physical processes. Embedded computers and networks monitor and control the physical processes, usually with feedback loops where physical processes affect computations and vice versa. The economic and societal potential of such systems is vastly greater than what has been realized, and major investments are being made worldwide to develop the technology. There are considerable challenges, particularly because the physical components of such systems introduce safety and reliability requirements qualitatively different from those in general-purpose computing. Moreover, physical components are qualitatively different from object-oriented software components. Standard abstractions based on method calls and threads do not work. This paper examines the challenges in designing such systems, and in particular raises the question of whether today's computing and networking technologies provide an adequate foundation for CPS. It concludes that it will not be sufficient to improve design processes, raise the level of abstraction, or verify (formally or otherwise) designs that are built on today's abstractions. To realize the full potential of CPS, we will have to rebuild computing and networking abstractions. These abstractions will have to embrace physical dynamics and computation in a unified way.
Article
This paper gives the main definitions relating to dependability, a generic concept including a special case of such attributes as reliability, availability, safety, integrity, maintainability, etc. Security brings in concerns for confidentiality, in addition to availability and integrity. Basic definitions are given first. They are then commented upon, and supplemented by additional definitions, which address the threats to dependability and security (faults, errors, failures), their attributes, and the means for their achievement (fault prevention, fault tolerance, fault removal, fault forecasting). The aim is to explicate a set of general concepts, of relevance across a wide range of situations and, therefore, helping communication and cooperation among a number of scientific and technical communities, including ones that are concentrating on particular types of system, of system failures, or of causes of system failures.
Article
This paper deals with the important issue of proper treatment of information security for electric power utilities. It is based on the efforts of CIGRE Working Group (WG) D2.22 on “Treatment of Information Security for Electric Power Utilities (EPUs)” carried out between 2006 and 2008/2009. The WG produces a Technical Brochure (TB), whose purpose is to emphasize three main issues: security frameworks, risk assessment, and security technology. Here, guidance is given on different security frameworks based on an information security domain model. Also, baseline controls are treated. For risk assessment, a survey has been carried out. Only a few commonalities, but several differences, have been found. Here, a methodology must be developed together with practical recommendations. For security technologies, guidance is given for the deployment of different solutions, based on a logical diagram using different controls. Last, a proposal for further work is given.
Article
Interconnected and integrated electrical power systems, by their very dynamic nature are complex. These multifaceted systems are subject to a host of challenges (e.g. aging infrastructure, distributed resources, reliability coordination). Recent worldwide events have demonstrated that it is time to re-examine traditional planning, operating, system design, and protection and control application, coordination, and setting criteria, to identify and implement solutions and tools. This article describes the strategies to meet grid challenges in providing reliable power delivery. Solutions are offered through applications of modern technology, advanced feedback control schemes using wide area measurements, wide-area visualisation techniques, and intelligent operational tools using IEC-61850 and information semantics to improve grid reliability under complicated power system conditions. The goal is to provide a vision for a comprehensive and systematic approach to meeting the grid safety and reliability management challenges through new information services.
Article
Modern cyber-physical systems are found in important domains such as automobiles, medical devices, building automation, avionics, etc. Hence, they are increasingly prone to security violations. Often such vulnerabilities occur as a result of contradictory requirements between the safety/real-time properties and the security needs of the system. In this paper we propose a formal framework that assists designers in detecting such conflicts early, thus increasing both the safety and the security of the overall system.
Article
analyze the cyber security of digital systems due to their ability to capture system-specific as well as attacker-specific details. Therefore, a methodology based on attack trees has been proposed to analyze the cyber security of the systems. The methodology has been applied for the Cyber Security Analysis (CSA) of a Bistable Processor (BP) of a Reactor Protection System (RPS). Threats have been described according to their source. Attack scenarios have been generated using the attack tree and possible countermeasures according to the Security Risk Level (SRL) of each scenario have been suggested. Moreover, cyber Security Requirements (SRs) have been elicited, and the suitability of the requirements has been checked.
Article
Software safety issues become important when computers are used to control real-time, safety-critical processes. This survey attempts to explain why there is a problem, what the problem is, and what is known about how to solve it. Since this is a relatively new software research area, emphasis is placed on delineating the outstanding issues and research topics.
Article
We consider the distinction between the terms 'safety' and 'security' in terms of the differences in causal structure and in terms of the differences in the degree of harm caused. The discussion is illustrated by an analysis of a number of cases of system failure where the safety and security issues seem, at least at first sight, to be difficult to disentangle.
Article
The document takes into account the developments relating to the safety of nuclear power plants since the Code on Design was last revised. These developments include the issuing of the Safety Fundamentals publication, The Safety of Nuclear Installations, and the present revision of various safety standards and other publications relating to safety.
Conference Paper
Dependability encompasses different classes of system properties, related to security, reliability, or safety. This paper examines the relevance of the security concept of noninterference to safety-related properties, and conversely, the applicability of fault-tolerance mechanisms usually applied to provide safety and reliability in the security domain. We suggest promising lines of research in the intersection of safety and security, in the application of security concepts and models to different classes of safety or fault-tolerance properties, and in the theory and practice of fault-tolerant systems applied to intrusion tolerance.
Article
The development of techniques for quantitative, model-based evaluation of computer system dependability has a long and rich history. A wide array of model-based evaluation techniques is now available, ranging from combinatorial methods, which are useful for quick, rough-cut analyses, to state-based methods, such as Markov reward models, and detailed, discrete-event simulation. The use of quantitative techniques for security evaluation is much less common, and has typically taken the form of formal analysis of small parts of an overall design, or experimental red team-based approaches. Alone, neither of these approaches is fully satisfactory, and we argue that there is much to be gained through the development of a sound model-based methodology for quantifying the security one can expect from a particular design. In this work, we survey existing model-based techniques for evaluating system dependability, and summarize how they are now being extended to evaluate system security. We find that many techniques from dependability evaluation can be applied in the security domain, but that significant challenges remain, largely due to fundamental differences between the accidental nature of the faults commonly assumed in dependability evaluation, and the intentional, human nature of cyber attacks.
Institut de Radioprotection et de Sûreté Nucléaire, Approche comparative entre sûreté et sécurité nucléaires, Report (in French) 2009/117, IRSN, Apr. 2009.
International Electrotechnical Commission (IEC), Power systems management and associated information exchange – data and communications security – part 1: communication network and system security – introduction to security issues, IEC 62351-1, May 2007.
S. Abraham, National transmission grid study, US Department of Energy, May 2002.
European Commission, Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience, Communications SEC (2009) 399 and SEC (2009) 400, Mar. 2009.
International Electrotechnical Commission (IEC), International electrotechnical vocabulary – chapter 191: dependability and quality of service, IEC 60500-191 and first amendment, Mar. 1999.
Nuclear Energy Institute (NEI), Cyber security program for power reactors, Std. NEI04-04, Feb. 2005.
International Electrotechnical Commission (IEC), Nuclear power plants – instrumentation and control systems important to safety – software aspects for computer-based systems performing category A functions, IEC 60880, 2nd ed., May 2006.
International Electrotechnical Commission (IEC), Nuclear power plants – instrumentation and control systems important to safety – classification of instrumentation and control functions, IEC 61226, 2nd ed., Feb. 2005.
International Electrotechnical Commission (IEC), Information technology equipment – safety – part 1: general requirements, IEC 60950-1, 2nd ed., Dec. 2005.
Institute of Electrical and Electronics Engineers (IEEE), IEEE trial use standard for a cryptographic protocol for cyber security of substation serial links, IEEE P1711 (draft), 2007.
International Electrotechnical Commission (IEC) & International Organization for Standardization (ISO), Information technology – security techniques – information security management systems – overview and vocabulary, IEC 27000, May 2009.
International Organization for Standardization (ISO), Petroleum and natural gas industries – offshore production installations – basic surface process safety systems, ISO 10418, 2nd ed., Oct. 2003.
US Nuclear Regulatory Commission (NRC), Protection of digital computer and communication systems and networks, Regulation 10 CFR73 part 54, Mar. 2009.
Institute of Electrical and Electronics Engineers (IEEE), IEEE standard criteria for security systems for nuclear power generating stations, IEEE Std 692-2010, Feb. 2010.
Oil and Gas. International: (Norway) OLF Guideline 104 [56], ISO 10418 [57], (US) API 1164 [58], ISO 13702 [59], ISO 17776 [60]. National: (Norway) NORSOK S-001 [61] and I-002 [62], (Norway) OLF Guidelines 70 [63], 90 [64].
International Civil Aviation Organization (ICAO), Safety oversight audit manual, Doc. 9735, 2nd ed., 2006.
International Electrotechnical Commission (IEC), Nuclear power plants – instrumentation and control for systems important to safety – general requirements for systems, IEC 61513, Mar. 2001.
Cyber security standards, CIP-002-1 through CIP-009-1
North American Electric Reliability Council (NERC), Cyber security standards, CIP-002-1 through CIP-009-1, 2006.
Safety and automation system (SAS), NORSOK Standard I-002
NORSOK, Safety and automation system (SAS), NORSOK Standard I-002, May 2001.
International: Systems IEC62443 series [73,74] IEC61508 [75] (non sectoral) National: (US) NIST SP 800-82 [76] (US) NIST SP 800-53 (annex I) [77] (US) ANSI
  • Industrial
Industrial control International: International: Systems IEC62443 series [73,74] IEC61508 [75] (non sectoral) National: (US) NIST SP 800-82 [76] (US) NIST SP 800-53 (annex I) [77] (US) ANSI/ISA99 00.01 [78] (UK) CPNI SCADA GPG [79] (continued on next page)
Railway applications — specification and demonstration of reliability , availability, maintainability and safety (RAMS), IEC 62278
International Electrotechnical Commission (IEC), Railway applications — specification and demonstration of reliability, availability, maintainability and safety (RAMS), IEC 62278, Sep. 2002.
Technical safety, NORSOK Standard S-001
NORSOK, Technical safety, NORSOK Standard S-001, Jan. 2000.
Industrial communication networks – network and system security – part 1-1: terminology, concepts and models
International Electrotechnical Commission (IEC), Industrial communication networks – network and system security – part 1-1: terminology, concepts and models, Technical Specification IEC/TS 62443-1-1, Jul. 2009.
Guidelines for the inclusion of security aspects in standards
International Organization for Standardization (ISO) & International Electrotechnical Commission (IEC), Guidelines for the inclusion of security aspects in standards, ISO/IEC Guide 81 (draft), Dec. 2009.
IEEE standard criteria for digital computers in safety systems of nuclear power generating stations
Institute of Electrical and Electronics Engineers (IEEE), IEEE standard criteria for digital computers in safety systems of nuclear power generating stations, IEEE Std 7-4.3.2TM-2003, Dec. 2003.
Cyber security programs for nuclear facilities, Regulatory Guide 5
US Nuclear Regulatory Commission (NRC), Cyber security programs for nuclear facilities, Regulatory Guide 5.71, Jan. 2010.
Reliability Standards for the Bulk Electric Systems of North America
North American Electric Reliability Council (NERC), Reliability Standards for the Bulk Electric Systems of North America, Nov. 2009.
IEEE standard for substation intelligent electronic devices (IEDs) cyber security capabilities
Institute of Electrical and Electronics Engineers (IEEE), IEEE standard for substation intelligent electronic devices (IEDs) cyber security capabilities, IEEE Std 1686–2007, Dec. 2007.
Internet security glossary, version 2, Internet Engineering Task Force (IETF), RFC 4949
  • R Shirey
R. Shirey, Internet security glossary, version 2, Internet Engineering Task Force (IETF), RFC 4949, Aug. 2007.