Towards a Comprehensive Ontology Considering Safety, Security, and Operation Requirements in OT

Abstract

The convergence of Information Technology (IT) and Operational Technology (OT) increases the interdependencies of operation, safety, and security requirements of OT systems. Cyber attacks may interfere with safety functionality which may lead to severe injuries. A possible conflict between safety and security is the usage of authentication. A safety requirement for machinery is violated if a safety function is not accessible at all times (e.g., due to the usage of authentication). There is a variety of standards and best practices on how to implement security or safety from an isolated viewpoint. Some standards even consider safety and security or link at least to other standards when the other domain has to be considered. However, there is no integrated approach to address conflicts between safety and security. Other relevant domains needed for risk or site managers (e.g., operation, product quality, risk evaluation, and risk treatment) are not addressed in a single holistic standard or approach. Without holistic guidance, risk managers are forced to solve this issue manually on best effort or include knowledge of domain experts who provide their expertise which is typically bound to a single domain in scope of the manager’s interest. Due to the complex interdisciplinary interplay of these domains, knowledge representation using ontologies may be key to model all relations and constraints needed for risk or state managers to consider in their risk managing business process. Therefore, this work presents the results of a literature survey analyzing several ontologies considering at least one relevant domain to address when performing risk management at OT systems.