Early Combined Safety - Security Defense in Depth Assessment of Complex Systems

Publication Type: Conference Paper
Year of Publication: 2020
Authors: Papakonstantinou, N., Linnosmaa, J., Bashir, A. Z., Malm, T., Bossuyt, D. L. V.
Conference Name: 2020 Annual Reliability and Maintainability Symposium (RAMS)
Date Published: Jan. 2020
ISBN Number: 978-1-7281-3690-5
Keywords: additional system complexity, combined Safety - Security Defense in Depth Assessment, complex critical infrastructures, complex system, complex systems, computer security, concurrent safety, critical infrastructures, defense in depth, dependency model, early assessment, early conceptual design, expert systems, Human Behavior, inter-system dependencies, interdisciplinary system dependencies, Large-scale systems, pubcrawl, resilience, Resiliency, Safety, Scalability, security, security assessments, security attributes, security defenses, security design weaknesses, system design life-cycle phases, system engineer, Tools, traditional security research, Unified modeling language

Safety and security of complex critical infrastructures are very important for economic, environmental and social reasons. The interdisciplinary and inter-system dependencies within these infrastructures introduce difficulties in the safety and security design. Late discovery of safety and security design weaknesses can lead to increased costs, additional system complexity, ineffective mitigation measures and delays to the deployment of the systems. Traditionally, safety and security assessments are handled using different methods and tools, although some concepts are very similar, by specialized experts in different disciplines, and are performed at different system design life-cycle phases. The methodology proposed in this paper supports a concurrent safety and security Defense in Depth (DiD) assessment at an early design phase; it is designed to handle safety and security at a high level and does not focus on specific practical technologies. It is assumed that, regardless of the perceived level of security defenses in place, a determined (motivated, capable and/or well-funded) attacker can find a way to penetrate a layer of defense. While traditional security research focuses on removing vulnerabilities and increasing the difficulty of exploiting weaknesses, our higher-level approach focuses on limiting the attacker's reach and increasing the system's capability for detection, identification, mitigation and tracking. The proposed method can concurrently assess basic safety and security DiD design principles such as Redundancy, Physical separation, Functional isolation, Facility functions, Diversity, Defense lines/Facility and Computer Security zones, Safety classes/Security Levels, Safety divisions and physical gates/conduits (as defined by the International Atomic Energy Agency (IAEA) and international standards) and provide early feedback to the system engineer.
A prototype tool is developed that can parse the exported project file of the interdisciplinary model. Based on a set of safety and security attributes, the tool is able to assess aspects of the safety and security DiD capabilities of the design. Its results can be used to identify errors, improve the design and cut costs before a formal human expert inspection. The tool is demonstrated on a case study of an early conceptual design of a complex system of a nuclear power plant.

Citation Key: papakonstantinou_early_2020