STPA-SafeSec: Safety and security analysis for cyber-physical systems

Abstract

Cyber-physical systems tightly integrate physical processes and information and communication technologies. As today's critical infrastructures, e.g., the power grid or water distribution networks, are complex cyber-physical systems, ensuring their safety and security becomes of paramount importance. Traditional safety analysis methods, such as HAZOP, are ill-suited to assess these systems. Furthermore, cybersecurity vulnerabilities are often not considered critical, because their effects on the physical processes are not fully understood. In this work, we present STPA-SafeSec, a novel analysis methodology for both safety and security. Its results show the dependencies between cybersecurity vulnerabilities and system safety. Using this information, the most effective mitigation strategies to ensure the safety and security of the system can be readily identified. We apply STPA-SafeSec to a use case in the power grid domain and highlight its benefits.
