System-Theoretic Process Analysis for Security with Simulations (STPA-Sec/S): Combining STPA-Sec with simulation-based resilience assessment / Simone, Francesco; NAKHAL AKEL, ANTONIO JAVIER; DI GRAVIO, Giulio; Patriarca, Riccardo. - (2022), pp. 1-6. (Paper presented at the 10th European STAMP Workshop and Conference 2022, held in Gdynia, Poland).

System-Theoretic Process Analysis for Security with Simulations (STPA-Sec/S): Combining STPA-Sec with simulation-based resilience assessment

Francesco Simone; Antonio Javier Nakhal Akel; Giulio Di Gravio; Riccardo Patriarca
2022

Abstract

Over recent years, the call for digitalization and automation has resulted in increasing attention towards human-machine interactions and cooperation. Automation technologies open new challenges in this new environment, in which human agents stand with smart and interconnected devices, stressing the need to acknowledge a cyber-socio-technical, rather than a disjoint social or purely physical, dimension (Patriarca et al., 2021). If, on one hand, the systems that are more prone to human slips and lapses might benefit from this transformation, on the other, the same systems might suffer from unexpected new threats and disruptions. The latter emerge as a result of the tight interactions between the physical world and the Information Technology (IT) sphere. A cyber security issue no longer necessarily refers to data or information leakage; it can have tangible consequences, too. In this context, the System-Theoretic Process Analysis for Security (STPA-Sec) represents an increasingly recognized and valuable tool for security risk assessment (Patriarca et al., 2022a; Young and Leveson, 2013). STPA-Sec extends the Systems-Theoretic Accident Modelling and Processes (STAMP) model by considering cyber threats, identifying unsafe and unsecure controls throughout a cyber socio-technical system, and assisting in the definition of the requirements for technological failures and cyber attacks. Despite its large usage as a descriptive tool, there is still limited use of STPA-Sec in (semi-)quantitative terms. To contribute to this research path, we present System-Theoretic Process Analysis for Security with Simulations (STPA-Sec/S), a methodological support extending STPA-Sec with quantitative resilience assessment based on simulation models. The methodology is instantiated in a demonstrative case study of a water treatment plant and its critical CPSs, which may impact both community health and the environment.
The obtained results show how STPA-Sec/S fosters system understanding and allows a systematic identification of the system's major criticalities and their respective quantification.
10th European STAMP Workshop and Conference 2022
04 Publication in conference proceedings::04d Abstract in conference proceedings
Use this identifier to cite or link to this document: https://hdl.handle.net/11573/1667748