Safety and cybersecurity assessment techniques for critical industries: a mapping study
Babeshko I, Di Giandomenico F
The paper presents a mapping study of safety and cybersecurity assessment techniques used in critical industries such as nuclear power plants, the oil and gas sector, autonomous vehicles, railways, etc., with particular emphasis on instrumentation and control systems (I&C). Modern I&Cs are complex electronic systems comprising thousands of components; therefore, their reliability and safety when employed in critical application domains are challenging. With the development and integration of Industry 4.0 technologies, such systems become more open for communication and flexible usage due to gradual interconnection with public networks and the Internet, but new cybersecurity and safety challenges are introduced. This paper states research questions and provides analysis results of recent relevant sources. Initially, 320 records (acquired between 2018 and 2022 inclusive) were identified. Later on, 187 studies were processed to check eligibility criteria. Overall, this mapping study includes 49 papers, after examining the pre-defined criteria and guidelines. The results of the analysis performed make it possible to systemize the techniques being utilized in practice right now, as well as to identify trends in further technique development. In fact, although the techniques used are not novel and most of them have been used for decades, our study shows that there are still some new trends in this field. In particular, the unified safety and cybersecurity assessment technique is a promising research direction, worth further investigation.
Source: IEEE ACCESS, vol. 11, pp. 83781-83793

Security-informed safety analysis of autonomous transport systems considering AI-powered cyberattacks and protection
Illiashenko O, Kharchenko V, Babeshko I, Fesenko H, Di Giandomenico F
The entropy-oriented approach called security- or cybersecurity-informed safety (SIS or CSIS, respectively) is discussed and developed in order to analyse and evaluate the safety and dependability of autonomous transport systems (ATSs) such as unmanned aerial vehicles (UAVs), unmanned maritime vehicles (UMVs), and satellites. This approach allows for extending and integrating the known techniques FMECA (Failure Modes, Effects, and Criticality Analysis) and IMECA (Intrusion MECA), as well as developing the new SISMECA (SIS-based Intrusion Modes, Effects, and Criticality Analysis) technique. The ontology model and templates for SISMECA implementation are suggested. The methodology of safety assessment is based on (i) the application and enhancement of SISMECA considering the particularities of various ATSs and roles of actors (regulators, developers, operators, customers); (ii) the development of a set of scenarios describing the operation of ATS in conditions of cyberattacks and physical influences; (iii) AI contribution to system protection for the analysed domains; (iv) scenario-based development and analysis of user stories related to different cyber-attacks, as well as ways to protect ATSs from them via AI means/platforms; (v) profiling of AI platform requirements by use of characteristics based on AI quality model, risk-based assessment of cyberattack criticality, and efficiency of countermeasures which actors can implement. Examples of the application of SISMECA assessment are presented and discussed.
Source: ENTROPY, vol. 25 (issue 8)

Towards effective safety and cybersecurity co-engineering in critical domains
Babeshko I., Illiashenko O., Di Giandomenico F.
The primary objective of functional safety and cybersecurity co-engineering is to streamline assessment processes and enhance efficiency by implementing integrated approaches, therefore reducing overall effort and bringing several consequential advantages. Although this concept is not new, and there have already been successful attempts at its utilization in different critical domains such as nuclear, railway, and automotive, no mature approach could be easily adopted and applied during the assessment. Another challenge is that the understanding of co-engineering is essentially different, depending on domain specifics and priorities. Moreover, issues are still related to measuring efficiency achieved by co-engineering utilization. This paper addresses the current state of safety and cybersecurity co-engineering in critical domains. With a focus on nuclear, automotive, and railway domains, it proposes directions toward developing effective co-engineering frameworks for them.