Integrating Fault Tree Analysis with System Theoretic Process Analysis

When designing a digital instrumentation and control (DI&C) system, flaws in the architecture or software, failures of components, cyber-attacks, and human failures can lead to unintended effects on the system under control. There are several approaches for assessing potential hazards from inappropriate operation of a system, but that the best approach is likely a combination of assessment techniques [1]. The approach that showed the most potential was an integration of Systems Theoretic Process Analysis (STPA) with Fault Tree Analysis (FTA). While the STPA process is very effective at identifying things that could go wrong with the system, it does not have any tools to prioritize the Unsafe Control Actions (UCAs) to identify which UCAs are the most important. When a fault tree is available for assessing the risk of a system, the integration of FTA with STPA can be used to assign a risk rank to the UCAs. This allows the system designer to prioritize either design changes or control methods to address each UCA appropriately. This paper demonstrates one approach for integrating FTA and STPA for risk ranking the UCAs identified by the STPA. This integrated process allows the designer to focus on the most important aspects of the design when transitioning from conceptual design to preliminary design to detailed design. At each step, the design is informed by the STPA and FTA to make the final design safer and more reliable. The result is a final design that is complete, accurately specified, and has a low risk of emergent behaviors.