Using Integrated Safety and Cybersecurity Risk Assessment Methods for Operational Technology over the Entire System Life-cycle

Securing critical infrastructure from cyber threats has become increasingly important. An example is the 2016 cyber attack on Ukraine’s electric grid, which caused a blackout. Cyber attacks can cause safety impacts on civilian infrastructure, e.g. by cutting the electricity to civilian hospitals which depend on a reliable supply of electricity. Industries widely dependant on Operational Technology (OT) systems for daily operations include the oil and gas industry, nuclear facilities, and electric power distribution. Therefore, providing a security structure to ensure the safety of these industry actors’ OT assets and operationality is of interest. When cyber security breaches are capable of causing safety impacts, methods considering both safety and cyber security require consideration. This thesis has studied two methods of joint safety and cyber-security risk assessment. The first of these methods is Idaho National Laboratories’ (INLs) Consequence-driven Cyber-informed Engineering (CCE), a relatively new method seeking to protect the most critical systems in a facility. The second method is the Uncontrolled Flows of Information and Energy (UFoI-E) causality method. This method seeks to identify possible deviations and implement barriers that prevent these deviations from evolving into safety consequences. The two combined safety and cybersecurity assessment methods have been applied to OT, and opportunities in using these assessments during the entire system life-cycle have been explored. These risk assessments can aid the stakeholders in better understanding the vulnerabilities and threats their OT systems face, even beyond the initial design phase and into the operational phase. The methods have been applied in an electrical grid system case study, mainly focusing on an electric substation. The methods were subject to a mutual comparison. One proposal for modification regards the implementation of a checklist tool for the CCE method to provide a better framework for organising the documents needed to conduct the assessment. A tool has been developed to address this issue, including a calculator that simplifies the process of calculating the impact scores of critical events. Several attributes and characteristics have been considered to thoroughly compare the two methods. The comparisons and the case study results have provided grounds for suggestions for modifications to be considered in future projects using these methods. The thesis concludes by proposing a set of thoughts regarding future work on the subject.