Safety and security risks management process for cyber-physical systems: A case study

Cyber-physical systems (CPS) are applicable in emerging industries such as health, energy, autonomous vehicles, and Industrial Internet of Things (IIOT). In CPS the physical assets, that is, actuators and sensors, etc. communicate with each other over a messaging protocol. This communication process of CPS makes them vulnerable to cyber-attacks which challenge the system safety, making security and safety two major concerns for CPS. Both safety and security risks are considered separately in literature. However, the International Society of Automation (ISA) focuses on the alignment of security and safety risks of CPS. Weak or no alignment in safety and security of a system may result in an inefficient or partially protected system which could end up in disasters. This pressed the need for an integrated safety-security risk management process. For this purpose, we used a tetra packaging case study to (i) examine the vulnerabilities of CPS by running the risk management process, (ii) identify safety-security requirements, and (iii) align retrieved safety-security requirements with the relevant standards. The results show (i) safety hazards and security risks along with their severity and priority, (ii) mitigation guidelines are provided by consulting IEC 61508, and (iii) 15 safety-security requirements are identified and are aligned with ISO9001 Packaging and labeling machine standard.