A new safety and security risk analysis framework for industrial control systems

The migration of modern industrial control systems toward information and communication technologies exposes them to cyber-attacks that can alter the way they function, thereby causing adverse consequences on the system and its environment. It has consequently become crucial to consider security risks in traditional safety risk analyses for industrial systems controlled by modern industrial control system. We propose in this article a new framework for safety and security joint risk analysis for industrial control systems. S-cube (for supervisory control and data acquisition safety and security joint modeling) is a new model-based approach that enables, thanks to a knowledge base, formal modeling of the physical and functional architecture of cyber-physical systems and automatic generation of a qualitative and quantitative analysis encompassing safety risks (accidental) and security risks (malicious). We first give the principle and rationale of S-cube and then we illustrate its inputs and outputs on a case study.