Abstract
Cybersecurity and Safety co-engineering is at the heart of various ongoing works for the industry and deals with highly complex and connected systems. However, as this topic grows, few shared methodologies, standards and organizations exist to enable this co-engineering process. In this context, we had the opportunity to bring together both a Safety and a Cybersecurity team to work on methods of collaboration. This resulted in mutually sharing methods and tools between both teams, as well as experiencing the challenges of co-engineering. In this article, we suggest two types of approaches encouraging Cybersecurity and Safety co-engineering and interactions. In the first approach, a Safety team contributes to Cybersecurity activities as defined by EBIOS RM methodology. In the second approach, a Cybersecurity team contributes to Safety inputs for the Safety demonstration. Those approaches are mainly based on the ISO 26262 automotive standard and the EBIOS RM methodology, but they can be extended to any type of context. Alongside the proposed approaches, we suggest orientations and perspectives for future works.
This research work has been carried out within the framework of IRT SystemX, Paris-Saclay, France, and therefore granted with public funds within the scope of the French Program “Investissements d’Avenir”. Authors are listed alphabetically by last name.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Critical java flaw puts millions of organisations at risk. Netw. Secur. 2021(12), 1–2 (2021)
Aggregated Quality Assurance in Systems (AQUAS) Project: D3.2 combined safety, security and performance analysis and assessment techniques - preliminary. Technical report (2019)
Boyer, M., Chelim, T., Sobieraj, J.: Hybridization of safety and security for the design and validation of autonomous vehicles: where are we? In: ESREL 2021–31st European Safety and Reliability Conference (2021)
BSI: Pd clc/ts 50701: Railway applications - cybersecurity. En (2021)
Carreras Guzman, N.H., Kozine, I., Lundteigen, M.A.: An integrated safety and security analysis for cyber-physical harm scenarios. Saf. Sci. 144, 105458 (2021)
CENELEC: NF EN 50126-1: Railway applications - the specification and demonstration of reliability, availability, maintainability and safety (RAMS) - part 1: Generic RAMS process. En (2017)
CENELEC: Nf en 50129: Railway applications - communication, signalling and processing systems - safety related electronic systems for signalling. En (2018)
IEC: IEC 61508:2010 functional safety of electrical/electronic/programmable electronic safety-related systems. IEC (2010)
ISO 26262–1:2018: Road vehicles - functional safety. Standard, International Organization for Standardization, Geneva, CH (2018)
ISO/SAE 21434:2021: Road vehicles - cybersecurity engineering. Standard, International Organization for Standardization, Geneva, CH (2021)
Kavallieratos, G., Katsikas, S., Gkioulos, V.: Cybersecurity and safety co-engineering of cyberphysical systems - a comprehensive survey. Future Internet 12, 65 (2020)
Macher, G., Höller, A., Sporer, H., Armengaud, E., Kreiner, C.: A combined safety-hazards and security-threat analysis method for automotive systems. In: Koornneef, F., van Gulijk, C. (eds.) SAFECOMP 2015. LNCS, vol. 9338, pp. 237–250. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24249-1_21
National Cybersecurity Agency of France (ANSSI): EBIOS Risk Manager - The method, https://www.ssi.gouv.fr/en/guide/ebios-risk-manager-the-method/
Paul, S., et al.: Recommendations for security and safety co-engineering (release n\(^{\circ }\)3) - part a. Technical report (2016)
Ponsard, C., Dallons, G., Massonet, P.: Goal-oriented co-engineering of security and safety requirements in cyber-physical systems. In: Skavhaug, A., Guiochet, J., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2016. LNCS, vol. 9923, pp. 334–345. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45480-1_27
Sabaliauskaite, G., Adepu, S., Mathur, A.: A six-step model for safety and security analysis of cyber-physical systems. In: Havarneanu, G., Setola, R., Nassopoulos, H., Wolthusen, S. (eds.) CRITIS 2016. LNCS, vol. 10242, pp. 189–200. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-71368-7_16
SAE International: Cybersecurity guidebook for cyber-physical vehicle systems (stabilized December 2021). Technical report (2021)
Sengupta, J., Ruj, S., Bit, S.D.: A comprehensive survey on attacks, security issues and blockchain solutions for IoT and IIoT. J. Netw. Comput. App. 149, 102481 (2020)
Skoglund, M., Warg, F., Sangchoolie, B.: In search of synergies in a multi-concern development lifecycle: safety and cybersecurity. In: Gallina, B., Skavhaug, A., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2018. LNCS, vol. 11094, pp. 302–313. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99229-7_26
The Institution of Engineering and Technology: Code of practice: Cyber security and safety. Technical report (2020)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Bajan, PM. et al. (2022). Proposal of Cybersecurity and Safety Co-engineering Approaches on Cyber-Physical Systems. In: Trapp, M., Saglietti, F., Spisländer, M., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2022. Lecture Notes in Computer Science, vol 13414. Springer, Cham. https://doi.org/10.1007/978-3-031-14835-4_12
Download citation
DOI: https://doi.org/10.1007/978-3-031-14835-4_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-14834-7
Online ISBN: 978-3-031-14835-4
eBook Packages: Computer ScienceComputer Science (R0)