Risk Assessments Considering Safety, Security, and Their Interdependencies in OT Environments

Information Technology (IT) and Operational Technology (OT) are converging further, which increases the number of interdependencies of safety and security risks arising in industrial architectures. Cyber attacks interfering safety functionality may lead to serious injuries as a consequence. Intentionally triggering a safety function may introduce a security vulnerability during the emergency procedure, e.g., by opening emergency exit doors leading to enabling unauthorized physical access. This paper introduces a risk evaluation methodology to prioritize and manage identified threats considering security, safety, and their interdepedencies. The presented methodology uses metrics commonly used in the industry to increase its applicability and enable the combination with other risk assessment approaches. These metrics are Common Vulnerability Scoring System (CVSS), Security Level (SL) from the standard IEC 62443 and Safety Integrity Level (SIL) from the standard IEC 61508. Conceptional similarities of those metrics are considered during the risk calculation, including an identified relation between CVSS and SL. Besides this relation, the skill level and resources of threat actors, threats enabling multiple identified attacks, the SIL of safety-relevant components affected, business criticality of the targeted asset, and the SL-T of the zone targeted by the attack are considered for risk evaluation. The industrial architecture to be analyzed is separated into zones and conduits according to IEC 62443, enabling the analyzed system to be compliant with its requirements.