Enriching Systems Theory Based Cyber-Security and Safety Analysis Using Stakeholder Value Networks
ISSN: 0148-7191, e-ISSN: 2688-3627
Published April 14, 2020 by SAE International in United States
System-theoretic process analysis for security (STPA-Sec) is a powerful safety and security analysis method that focuses on unsafe and insecure interactions between subsystems rather than on component failures and the resulting chain-of-events failure modes. The first step of STPA-Sec requires the analyst to identify the system boundary and list the system-level losses and hazards. The current approach to performing this first and critical step relies on interviewing the stakeholders, which can result in a narrow focus because the stakeholders' mental models shape their answers. In some cases stakeholders are not available for interviews, and the identification of system losses is then at risk of being shaped by the analyst's own mental model. We believe that these two potential issues in an STPA-Sec analysis, narrow focus and missing access to stakeholders, can be addressed by factoring in additional system information through stakeholder analysis. To illustrate the benefit of this approach, a mining system is considered. Stakeholders in the mining system are identified and then classified by the role they play in the expected emergent behavior of the system. Stakeholder needs are identified and ranked. A stakeholder value network (map) is created with stakeholders as nodes and the value exchanges between them as the connections. A ranked list of value exchanges is created based on the impact of cybersecurity on the stakeholder map. System-level losses are identified from the high-impact value exchanges and can then be fed into Step 1 of the STPA-Sec analysis. A system-level goal statement, derived from the stakeholder analysis, is used as a guiding statement and as an aid in drawing a boundary around the system.
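The procedure in the abstract (stakeholders as nodes, value exchanges as edges, exchanges ranked by cyber impact, high-impact exchanges turned into candidate Step 1 losses and a first cut at the system boundary) can be made concrete with a small model. The code below is an added illustration written for this page; it is not the paper's code or data. The stakeholders, role labels, value exchanges and scores are constructed, and the impact rule (need importance multiplied by cyber exposure, each on a 1..5 scale) is an assumption chosen for the example rather than the scoring the paper uses.

```python
"""Added illustration: a toy stakeholder value network (SVN) that ranks value
exchanges by cyber impact and turns the high-impact ones into candidate
system-level losses for STPA-Sec Step 1.  Stakeholders, exchanges and scores
are constructed for this example; they are not the paper's data."""
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class ValueExchange:
    """One directed edge of the SVN: `source` delivers `value` to `target`."""
    source: str
    target: str
    value: str
    importance: int      # 1..5: how strongly the target's need depends on it
    cyber_exposure: int  # 1..5: how much a cyber attack could degrade it

    def impact(self) -> int:
        # Assumed scoring rule (not the paper's): need weight times exposure.
        return self.importance * self.cyber_exposure


class StakeholderValueNetwork:
    def __init__(self) -> None:
        self.roles: Dict[str, str] = {}        # stakeholder -> role class
        self.exchanges: List[ValueExchange] = []

    def add_stakeholder(self, name: str, role: str) -> None:
        self.roles[name] = role

    def add_exchange(self, ex: ValueExchange) -> None:
        # Both endpoints must already be classified stakeholders, scores in range.
        for end in (ex.source, ex.target):
            if end not in self.roles:
                raise ValueError(f"unknown stakeholder: {end}")
        if not (1 <= ex.importance <= 5 and 1 <= ex.cyber_exposure <= 5):
            raise ValueError("importance and cyber_exposure must be in 1..5")
        self.exchanges.append(ex)

    def ranked_exchanges(self) -> List[ValueExchange]:
        """Value exchanges ordered by descending cyber impact (ties by name)."""
        return sorted(self.exchanges,
                      key=lambda e: (-e.impact(), e.source, e.target, e.value))

    def system_losses(self, min_impact: int) -> List[str]:
        """Candidate STPA-Sec Step 1 losses: one per exchange at/above the threshold."""
        high = [e for e in self.ranked_exchanges() if e.impact() >= min_impact]
        return [f"L-{n}: Loss of {e.value} ({e.source} -> {e.target})"
                for n, e in enumerate(high, start=1)]

    def stakeholders_in_scope(self, min_impact: int) -> Set[str]:
        """Stakeholders touched by a high-impact exchange: a first cut at the boundary."""
        scope: Set[str] = set()
        for e in self.exchanges:
            if e.impact() >= min_impact:
                scope.update((e.source, e.target))
        return scope


def build_example_network() -> StakeholderValueNetwork:
    """Constructed mining SVN with hypothetical stakeholders, roles and scores."""
    svn = StakeholderValueNetwork()
    svn.add_stakeholder("Mine operator", "beneficiary")
    svn.add_stakeholder("Equipment OEM", "provider")
    svn.add_stakeholder("Dealer", "provider")
    svn.add_stakeholder("Workforce", "beneficiary")
    svn.add_stakeholder("Regulator", "problem stakeholder")
    svn.add_exchange(ValueExchange("Equipment OEM", "Mine operator",
                                   "autonomous haulage availability", 5, 5))  # impact 25
    svn.add_exchange(ValueExchange("Mine operator", "Workforce",
                                   "safe working environment", 5, 4))          # impact 20
    svn.add_exchange(ValueExchange("Dealer", "Mine operator",
                                   "maintenance and remote support", 4, 3))    # impact 12
    svn.add_exchange(ValueExchange("Mine operator", "Regulator",
                                   "compliance reporting", 3, 2))              # impact 6
    svn.add_exchange(ValueExchange("Mine operator", "Dealer",
                                   "service revenue", 3, 1))                   # impact 3
    return svn


if __name__ == "__main__":
    net = build_example_network()
    for e in net.ranked_exchanges():
        print(f"{e.impact():>3}  {e.source} -> {e.target}: {e.value}")
    for loss in net.system_losses(min_impact=12):
        print(loss)
    print("in scope:", sorted(net.stakeholders_in_scope(12)))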
Citation: Sidhu, A. and Moulton, A., "Enriching Systems Theory Based Cyber-Security and Safety Analysis Using Stakeholder Value Networks," SAE Technical Paper 2020-01-0143, 2020, https://doi.org/10.4271/2020-01-0143.