A goal-driven approach for the joint deployment of safety and security standards for operators of essential services

Ponsard C., Grandclaudon J., Massonet P., A goal-driven approach for the joint deployment of safety and security standards for operators of essential services. J Softw Evol Proc. 2021;e2338. https://doi.org/10.1002/smr.2338

Date: 1 April 2021

Publication: Scientific publications

Expertise:

Engineering of complex IT systems

Algorithms and Combinatorial Optimization

Innovation theme: Cyber Security

Asset: Oscar.CBLS

About the project: DIGITRANS

Designing safety-critical software in domains ensuring essential services like transportation, energy, or health requires high assurance techniques and compliance with domain-specific standards. As a result of the global interconnectivity and the evolution toward cyber-physical systems, the increasing exposure to cyber threats calls for the adoption of cyber security standards and frameworks. Although safety and security have different cultures, both fields share similar concepts and tools and are worth investigating together. This paper provides the background to understand emerging co-engineering approaches. It advocates for the use of a model-based approach to provide a sound risk-oriented process and to capture rationales interconnecting top-level standards/directives to concrete safety/security measures. We show the benefits of adopting goal-oriented analysis that can be transposed later to domain-specific frameworks. Both qualitative and quantitative reasoning aspects are analyzed and discussed, especially to support trade-off analysis. Our work is driven by a representative case study of a drinking water utility in the scope of the NIS regulation for operators of essential services.
