Combined Safety and Security Risk Analysis using the UFoI-E method: A Case Study of an Autonomous Surface vessel
MetadataVis full innførsel
Many standards consider safety and security risk analysis as separate fields, specifying the system specific safety or security issues and methods to analyze them. Having these separated fields of safety and security standards complicates the risk analysis of cyber-physical systems (CPSs), where safety and security issues coexist within the integrated layers of the system. Even though several integrated safety and security analysis methods exist in the literature, they are not tailored to assess the complex and tight interactions among the CPS layers and the system’s surrounding environments. Therefore, this paper describes a method to conduct a combined safety and security risk analysis in CPSs for safety verification. Namely, we propose the Uncontrolled Flows of Information and Energy (UFoI-E) method, introducing novel diagrammatic representations to consider the dependencies within a CPS and its surrounding environments. As a case study, this paper describes a risk analysis of the collision avoidance function of an autonomous surface vessel, proving the convenience of examining the safety of autonomous vessels as safe and secure CPSs. The results of this paper may be input to new revisions and initiatives on new standards combining safety and security analysis.