Formalized Risk Assessment for Safety and Security

TL;DR

This paper introduces a formalized, simulation-based risk assessment method for safety and security that distinguishes between accidental and intentional failures, applicable to complex systems like power grids.

Contribution

It develops a unified risk assessment approach using the DEVS paradigm, integrating safety and security considerations with a focus on simulation-based analysis.

Findings

The method effectively differentiates between accidental and malicious failures.

It aligns with traditional risk notions, ensuring plausibility.

Application to power grids demonstrates practical advantages.

Abstract

The manifold interactions between safety and security aspects makes it plausible to handle safety and security risks in an unified way. The paper develops a corresponding approach based on the discrete event systems (DEVS) paradigm. The simulation-based calculation of an individual system evolution path provides the contribution of this special path of dynamics to the overall risk of running the system. Accidentally and intentionally caused failures are distinguished by the way, in which the risk contributions of the various evolution paths are aggregated to the overall risk. The consistency of the proposed risk assessment method with 'traditional' notions of risk shows its plausibility. Its non-computability, on the other hand, makes the proposed risk assessment better suitable to the IT security domain than other concepts of risk developed for both safety and security. Power grids are discussed as an application example and demonstrates some of the advantages of the proposed method.