Combining Models for Safety and Security Concerns in Automating Digital Production

Abstract

The IEC 62061:2021 standard requires production owners to ensure both functional safety and information security for their industrial applications. Unfortunately, traditional models of functional safety and information security have been designed in isolation and are difficult to combine. This paper introduces the Safety & Security Combination (SafeSecCombi) approach to combine models for functional safety and security concerns in automating digital production. SafeSecCombi (i) validates causes for desired and undesired effects regarding safety in an industrial production process by linking these causes to products, production processes, and production resources; (ii) identifies Industrial Internet of Things (IIoT) assets that can cause unsafe behavior in case of a successful security attack; and (iii) analyzes risks of security attacks to these IIoT assets. Therefore, SafeSecCombi provides a model for the combined analysis of safety and security concerns regarding a Cyber-Physical Production System (CPPS). In a feasibility study on an industrial work cell for metal processing with a collaborative robot, we evaluated the effectiveness and efficiency of the SafeSecCombi approach. Results indicate that the SafeSecCombi approach is feasible and effective, and provides safety and security experts with actionable, context-specific causes for security-related safety issues and countermeasures that are well grounded in engineering models, as a foundation to address the IEC 62061:2021 requirements.