Cyber LOPA: An Integrated Approach for the Design of Dependable and Secure Cyber Physical Systems
This addresses the overlooked integration of safety and security lifecycles for CPS designers, though it is incremental as it builds on existing LOPA frameworks.
The paper tackles the problem of designing dependable and secure Cyber-Physical Systems by extending the LOPA framework to include cyber attack failures, resulting in a method that quantitatively expresses the trade-off between reliability and security. It evaluates this approach on a practical case study of a process reactor, comparing it to current LOPA practices.
Safety risk assessment is an essential process to ensure a dependable Cyber-Physical System (CPS) design. Traditional risk assessment considers only physical failures. For modern CPS, failures caused by cyber attacks are on the rise. The focus of latest research effort is on safety-security lifecycle integration and the expansion of modeling formalisms for risk assessment to incorporate security failures. The interaction between safety and security lifecycles and its impact on the overall system design, as well as the reliability loss resulting from ignoring security failures are some of the overlooked research questions. This paper addresses these research questions by presenting a new safety design method named Cyber Layer Of Protection Analysis (CLOPA) that extends existing LOPA framework to include failures caused by cyber attacks. The proposed method provides a rigorous mathematical formulation that expresses quantitatively the trade-off between designing a highly-reliable versus a highly-secure CPS. We further propose a co-design lifecycle process that integrates the safety and security risk assessment processes. We evaluate the proposed CLOPA approach and the integrated lifecycle on a practical case study of a process reactor controlled by an industrial control testbed, and provide a comparison between the proposed CLOPA and current LOPA risk assessment practice.