Cyber LOPA: An Integrated Approach for the Design of Dependable and Secure Cyber Physical Systems. (arXiv:2006.00165v3 [cs.CR] UPDATED)

Safety risk assessment is an essential process for ensuring a dependable
Cyber-Physical System (CPS) design. Traditional risk assessment considers only
physical failures, but for modern CPS, failures caused by cyber attacks are on
the rise. Recent research has focused on safety-security lifecycle integration
and on extending the modeling formalisms used for risk assessment to
incorporate security-induced failures. Two questions remain largely
overlooked: how safety and security interact and shape the overall system
design, and how much reliability is lost when security failures are ignored.
This paper addresses these questions by presenting a new safety design method,
Cyber Layer Of Protection Analysis (CLOPA), that extends the existing LOPA
framework to include failures caused by cyber attacks. The proposed method
provides a rigorous mathematical formulation that quantifies the trade-off
between designing a highly reliable CPS and designing a highly secure one. We
further propose a co-design lifecycle process that integrates the safety and
security risk assessment processes. We evaluate the proposed CLOPA approach
and the integrated lifecycle on a practical case study of a process reactor
controlled by an industrial control testbed, and compare CLOPA with current
LOPA risk assessment practice.
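The abstract does not reproduce the CLOPA formulation, so the following is an added illustration of the baseline LOPA arithmetic that CLOPA extends, not the paper's own method or code. In conventional LOPA the mitigated event frequency is the initiating-event frequency multiplied by the probability of failure on demand (PFD) of each independent protection layer. The example below shows what the abstract calls the reliability loss from ignoring security failures: if an attacker can defeat a layer (for instance by compromising the controller that implements it), that layer provides no protection on demand, which this illustration models conservatively as a PFD of 1. The layer names, PFD values, initiating-event frequency and target frequency are all constructed for the example and are not taken from the paper's case study.

```python
from math import prod

# Constructed protection layers (name, PFD), not the paper's case study.
# PFDs are typical order-of-magnitude values used in LOPA worked examples.
LAYERS = [
    ("BPCS alarm and operator response", 0.1),
    ("SIS high-pressure trip", 0.01),
    ("Mechanical relief valve", 0.01),
]

F_IE = 0.1            # initiating-event frequency, events per year (constructed)
TARGET = 1e-5         # tolerable mitigated frequency, events per year (constructed)


def mitigated_frequency(f_ie, layers, defeated=()):
    """Conventional LOPA: f_mitigated = f_IE * product of layer PFDs.

    Layers listed in `defeated` are assumed to be under attacker control and
    are credited with PFD = 1 (no protection on demand). This is the
    illustration's simplifying assumption, not a claim about CLOPA.
    """
    pfds = [1.0 if name in defeated else pfd for name, pfd in layers]
    return f_ie * prod(pfds)


def meets_target(f_ie, layers, target, defeated=()):
    """True if the mitigated frequency is at or below the tolerable target."""
    return mitigated_frequency(f_ie, layers, defeated) <= target


def required_extra_risk_reduction(f_ie, layers, target, defeated=()):
    """Risk-reduction factor still missing after accounting for defeated layers.

    Returns 1.0 when the target is already met; otherwise the factor by which
    the mitigated frequency must still be reduced (e.g. by adding a layer the
    attacker cannot reach).
    """
    f = mitigated_frequency(f_ie, layers, defeated)
    return max(1.0, f / target)


if __name__ == "__main__":
    print("baseline:", mitigated_frequency(F_IE, LAYERS))
    # An attacker who can compromise the SIS controller removes that layer.
    print("SIS defeated:", mitigated_frequency(F_IE, LAYERS, defeated={"SIS high-pressure trip"}))
    print("extra RRF needed:", required_extra_risk_reduction(
        F_IE, LAYERS, TARGET, defeated={"SIS high-pressure trip"}))
```

With the constructed numbers the design meets the target when every layer is credited, but crediting a layer whose controller an attacker can reach overstates the achieved risk reduction by two orders of magnitude. A cyber-aware analysis would either not credit that layer or would require evidence (network segmentation, authenticated logic downloads, attestation of the controller firmware) that the attack path does not exist.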