Increasing digitalization and autonomous solutions in physical systems promise to enhance their performance, cost-efficiency and reliability. However, the integration of novel information technologies with safety-related systems also brings new vulnerabilities and risks that challenge the traditional field of safety analysis. Particularly, cyber security threats are becoming key factors in complex accident scenarios in cyber-physical systems (CPSs), where unintentional errors and design flaws overlap with cyber security vulnerabilities that could lead to harm to humans and assets. This overlap between safety and security analysis is still a loosely defined domain without established theories and methods, leading to complications during the risk analysis of CPSs. In this paper, we first describe how the domain of safety science increasingly overlaps with security analysis. Subsequently, based on this overlapping, we illustrate and complement an integrated method for the identification of harm scenarios in CPSs. This method, coined Uncontrolled Flows of Information and Energy (UFoI-E), offers a distinct theoretical foundation rooted in accident causation models and a framework to design diagrammatic representations of CPSs during the analysis. After summarizing these features of the UFoI-E method, we present our original contribution to the method, which is a new practical toolkit for risk identification composed of an ontology of harm scenarios and a database of checklists built from lessons learned analysis and expert knowledge. Finally, we demonstrate an application of the method in an illustrative case and show representative fields for future work.
- Cyber-Physical Systems (CPSs)
- Autonomous Systems
- Cyber-Physical Harm Analysis for Safety and Security (CyPHASS)
- Bowtie Method