Enriching systems theory based cyber-security and safety analysis using stakeholder value networks
ISSN: 0148-7191, e-ISSN: 2688-3627
To be published on April 14, 2020 by SAE International in United States
System-theoretic process analysis for security (STPA-Sec) is a powerful safety and security analysis method that focuses on unsafe and insecure interactions between subsystems rather than on component failures and their resulting chain-of-event failure modes. The first step of STPA-Sec requires the analyst to identify the system boundary and to list the system-level losses and hazards. The current approach to this first and critical step relies on interviewing stakeholders, which can produce a narrow focus because the answers are shaped by each stakeholder's mental model. In some cases stakeholders are not available for interviews at all, and the loss identification is then at risk of being shaped by the analyst's own mental model instead. We believe these two potential issues in STPA-Sec analysis, narrow focus and missing access to stakeholders, can be addressed by factoring in additional system information through stakeholder analysis. To illustrate the benefit of this approach, a mining system with autonomous haul trucks is considered. Stakeholders in the mining system are identified and then classified by the role they play in the expected emergent behavior of the system. Stakeholder needs are identified and ranked. A stakeholder value network (map) is created with stakeholders as nodes and the value exchanges between them as connections. A ranked list of value exchanges is then created based on the impact of cybersecurity on the stakeholder map. System-level losses are identified from the high-impact value exchanges, which can then be fed into step 1 of the STPA-Sec analysis. A system-level goal statement is also derived from the stakeholder analysis.
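The following is an added worked example, not code from the paper, showing how the value-network step above can be made concrete: stakeholders become nodes, each value exchange carries the rank of the stakeholder need it serves and an estimate of how far a cyber attack could degrade it, exchanges are ranked by a combined impact score, and the highest-impact exchanges are mapped to candidate step-1 loss statements. Every stakeholder, exchange, need rank, exposure score, loss statement and the threshold are constructed for illustration (loosely modelled on a mine with autonomous haul trucks) and are not the paper's data; the scoring formula is likewise an assumption, not the paper's method.

```python
"""Added example (not from the SAE paper): a minimal stakeholder value
network for a mine with autonomous haul trucks, scored for cybersecurity
impact and reduced to candidate STPA-Sec step-1 losses.

All stakeholders, exchanges, ranks, exposure scores, loss statements and
the threshold below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Stakeholder:
    name: str
    role: str  # role in the system's expected emergent behaviour (constructed label)


@dataclass(frozen=True)
class ValueExchange:
    source: str            # stakeholder providing the value (graph edge tail)
    target: str            # stakeholder receiving the value (graph edge head)
    value: str             # what is exchanged
    need_rank: int         # rank of the stakeholder need served, 1 = most important
    cyber_exposure: float  # 0..1, constructed estimate of how much an attack can degrade it
    loss_if_degraded: str  # system-level loss if this exchange fails


# Constructed stakeholder set; names are hypothetical.
STAKEHOLDERS = [
    Stakeholder("Mine operator", "operates and profits from the mine"),
    Stakeholder("Fleet management system", "dispatches and supervises trucks"),
    Stakeholder("Autonomous haul truck", "moves ore without a driver"),
    Stakeholder("Maintenance crew", "keeps trucks serviceable"),
    Stakeholder("Processing plant", "consumes delivered ore"),
    Stakeholder("Regulator", "grants licence to operate"),
    Stakeholder("Local community", "affected by environmental impact"),
]

# Constructed value exchanges (edges of the value network).
EXCHANGES = [
    ValueExchange("Fleet management system", "Autonomous haul truck",
                  "dispatch route and mission", 1, 0.9,
                  "L1: Injury or death of mine personnel"),
    ValueExchange("Autonomous haul truck", "Fleet management system",
                  "position and health telemetry", 2, 0.8,
                  "L2: Collision or damage to mine equipment"),
    ValueExchange("Autonomous haul truck", "Processing plant",
                  "delivered ore tonnage", 3, 0.4,
                  "L3: Loss of production revenue"),
    ValueExchange("Mine operator", "Regulator",
                  "safety compliance reporting", 4, 0.3,
                  "L4: Loss of licence to operate"),
    ValueExchange("Maintenance crew", "Autonomous haul truck",
                  "software updates and spare parts", 2, 0.7,
                  "L2: Collision or damage to mine equipment"),
    ValueExchange("Mine operator", "Local community",
                  "environmental monitoring data", 5, 0.2,
                  "L5: Environmental damage and reputational loss"),
]


def impact(ex: ValueExchange, n_ranks: int) -> float:
    """Assumed scoring rule: need importance (inverted rank, scaled to 0..1)
    multiplied by cyber exposure. Rounded to avoid float noise in comparisons."""
    importance = (n_ranks - ex.need_rank + 1) / n_ranks
    return round(importance * ex.cyber_exposure, 4)


def rank_exchanges(exchanges):
    """Value exchanges ordered from highest to lowest cyber impact."""
    n = max(ex.need_rank for ex in exchanges)
    return sorted(exchanges, key=lambda ex: impact(ex, n), reverse=True)


def derive_losses(exchanges, threshold: float):
    """Distinct loss statements from exchanges whose impact meets the threshold,
    in impact order; this is the list that would seed STPA-Sec step 1."""
    n = max(ex.need_rank for ex in exchanges)
    losses = []
    for ex in rank_exchanges(exchanges):
        if impact(ex, n) >= threshold and ex.loss_if_degraded not in losses:
            losses.append(ex.loss_if_degraded)
    return losses


if __name__ == "__main__":
    n = max(ex.need_rank for ex in EXCHANGES)
    for ex in rank_exchanges(EXCHANGES):
        print(f"{impact(ex, n):.2f}  {ex.source} -> {ex.target}: {ex.value}")
    print("Candidate step-1 losses:", derive_losses(EXCHANGES, 0.5))
```

Two exchanges that map to the same loss (telemetry and software updates both feed L2) are collapsed into one loss statement, so the output is a loss list rather than an exchange list, which is what step 1 consumes. The low-impact exchanges are not discarded; they stay in the ranked list so the analyst can revisit the threshold once hazards are written.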