Advanced technologies for productivity-driven lifecycle services and partnerships in a business network


Risk assessment of machinery system with respect to safety and cyber-security

Authors: Timo Malm, Toni Ahonen & Tero Välisalo

Download the report: Safety_and_security_assessmentReportSgn19.3.2018 (002).pdf



This report addresses the concern that a cyber-security risk could cause a safety risk and, furthermore, an accident. There is already a tradition for how to treat safety risks related to automated machinery, but cyber-security is a quite new aspect. A cyber-security issue can cause malfunction of a safety function, or an inherently safe design can be somehow bypassed. When looking at the risks in detail, it can be seen that the cyber-security/safety risk of automation is usually related to the safety integrity, availability or response time of the safety-related control system. Furthermore, the cyber-security issue is usually related to software and human access to the system.

The risk assessment processes for safety and cyber-security have similar phases, but the point of view is different. From the safety point of view, the cause of an incident is usually a failure, misuse or disturbance of a system, whereas from the cyber-security point of view an incident may originate from a threat and a vulnerability, and in most cases a human is causing it.

We conclude that it would be difficult to benefit from a complete integration of the safety and cyber-security risk assessment processes into a single analysis, because there would be so many aspects to consider and only few mutual effects. It is recommended that the risk assessments are compiled separately; however, any identified safety-critical cyber-security issues should be added to the safety risk assessment process, and the associated risk treatment should be validated according to the safety process. The conclusions related to functional safety and cyber-security can be mutual.