Hollerer, S., Chabrova, M., Sauter, T., & Kastner, W. (2022). Combined Modeling Techniques for Safety and Security in Industrial Automation: A Case Study. In 2022 15th International Conference on Security of Information and Networks (SIN) (pp. 1–4). https://doi.org/10.1109/SIN56466.2022.9970541
The interconnection of automation technology with IT systems, also referred to as Industry 4.0, enables cyber attacks to impact safety (e.g., TRITON malware). Conversely, installed safety functions and requirements may also affect security requirements (e.g., the emergency stop function has to be available without prior authentication and authorization). Therefore, threat modeling (TM) methods considering security, safety, and their interdependence are needed to get a comprehensive view of potential flaws of an industrial architecture. This paper presents a case study of the TM methods STRIDE-LM and Failure-Attack-CounTermeasure (FACT) graph w.r.t. the identification of safety and security flaws and their interdependence, with the aim to provide an impression of possible solutions to the described problem. The study was applied to a use case derived from a stakeholder analysis showing common characteristics and requirements of industrial automation systems. As STRIDE-LM was designed only to consider security flaws, it was extended to cover safety aspects as well. Preliminary results of the application of the TM methods show differences in efficiency, precision, and the granularity of information provided.