Towards a Zero Trust Hybrid Security and Safety Risk Analysis Method

Volume 9: 40th Computers and Information in Engineering Conference (CIE) (2020)

Abstract

Designing and improving the resilience of complex sociotechnical/cyber-physical systems is not a simple task. Interdependencies between engineering domains can lead to emergent behavior that is difficult to predict and handle. Early identification of the safety and security weaknesses of a safety-critical system reduces redesign costs in later design phases. The scientific contribution of this paper is a method for early combined safety and security assessment based on interdisciplinary dependency models of the system. The focus is on the factors that contribute to estimating the probabilities of successful attacks on system components. The Zero Trust paradigm is applied, in which all humans, whether part of the system or external to it, pose a security risk. Estimating these security-related probabilities enables a combined safety and security risk calculation for the probability of losing specific key components or safety functions. Calculating the security-related probabilities is a dynamic and difficult process that depends heavily on the domain and on the current global security environment. The methodology is demonstrated with a fictional case study of a spent fuel pool cooling system. The results of the case study showed that the overall risk of losing one key system component doubled when security and safety were combined, compared to assessing safety events alone.