2.5 Summary and Further Reading (including Information on Seminar Exercises)

Watch

The part 2 safety and security videos from our industrial partners in the module with Copyrighted Material.

Read

Elective

Mandatory

Do

1. For the first part of the seminar day:

  • (Possibly together with others) Study the framework given to you, and put together a 25-minute presentation, emphasising:
    • What is the history of the framework (who put it together and why)?
    • How does the framework relate to the 4+1 principles of assurance?
    • Is it implicit or explicit?
    • What are its special characteristics in comparison to other frameworks?

You hand in the presentation here in a PPTx format, with what you aim to say during the presentation in the notes to each slide.

2. For the second part of the seminar day:

  • Read through scenario description.
  • Identify and detail at least three (3) threat actors according to categories you think are important. (For instance, think Who (intent, access, skill, resources...) and How (Reason, Target outcome, ...).) Choose one threat actor which you think is especially important.
  • What is the objective of this threat actor, and what is the impact if an associated attack is successful? Describe this in a short (one paragraph) attack scenario description.
  • Identify and detail an attack through which the threat actor could succeed with the objective. Visualize the attack in an Attack Tree. Expand the tree further with other attacks.
  • Use a structured approach to identify how you might deter, detect, delay, respond or recover from the attacks. E.g., for each node in the Attack Tree, define appropriate controls. If not obvious, motivate the appropriateness of the mitigation (controls) with the impact of a successful attack.
  • Use a structured approach to identify hazards affected by tampering with the system. E.g., use CRAF to link data security to data safety. Describe one such link in a short (one paragraph) causality description.
  • Suggest the most important redesign of the system to avoid security affecting safety.
  • Prepare a short presentation to argue for this redesign, using the material you have put together so far.
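The attack-tree and per-node-control steps above can be checked mechanically. The following is an added example, not part of the course material or the scenario handed out: it models a small attack tree with AND/OR gates for a hypothetical plant (every attack step, node name and control in it is a constructed placeholder), enumerates the minimal sets of steps that reach the root goal, and then reports, for each such path, which of the deter/detect/delay/respond/recover categories has no control on any step. It goes slightly beyond the exercise text by computing the paths (cut sets) rather than only drawing the tree.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set

# Constructed example: hypothetical attack tree and controls, not from the course.
CATEGORIES = ("deter", "detect", "delay", "respond", "recover")


@dataclass
class Node:
    """One node of an attack tree. gate is "LEAF", "OR" or "AND"."""
    name: str
    gate: str = "LEAF"
    children: List["Node"] = field(default_factory=list)


def attack_paths(node: Node) -> Set[FrozenSet[str]]:
    """Return the minimal sets of leaf steps that achieve `node`.

    OR: any child's paths suffice; AND: every child must be achieved, so the
    paths are the unions of one path per child. Non-minimal paths (supersets
    of another path) are dropped."""
    if node.gate == "LEAF":
        return {frozenset([node.name])}
    child_paths = [attack_paths(c) for c in node.children]
    if node.gate == "OR":
        paths = set().union(*child_paths)
    elif node.gate == "AND":
        paths = {frozenset()}
        for cp in child_paths:
            paths = {a | b for a in paths for b in cp}
    else:
        raise ValueError(f"unknown gate {node.gate!r}")
    return {p for p in paths if not any(q < p for q in paths)}


def coverage_gaps(root: Node, controls: Dict[str, Dict[str, List[str]]]
                  ) -> Dict[FrozenSet[str], Set[str]]:
    """For each minimal path, list the control categories that no step on
    the path has. A control on any one step of an AND path addresses that
    path, so a path is covered in a category if at least one step is."""
    gaps = {}
    for path in attack_paths(root):
        covered = set()
        for step in path:
            covered.update(cat for cat, lst in controls.get(step, {}).items() if lst)
        gaps[path] = set(CATEGORIES) - covered
    return gaps


# Constructed tree: two alternative ways to put a safety function out of service.
GOAL = Node("Safety function out of service", "OR", [
    Node("Remotely change safety configuration", "AND", [
        Node("Obtain engineering credentials"),
        Node("Reach engineering network"),
    ]),
    Node("Locally bypass interlock", "AND", [
        Node("Enter the plant floor"),
        Node("Open the control cabinet"),
    ]),
])

# Constructed controls per leaf step, keyed by category.
CONTROLS = {
    "Obtain engineering credentials": {"deter": ["Access policy with MFA"],
                                       "detect": ["Failed-login alerting"]},
    "Reach engineering network": {"delay": ["Network segmentation"],
                                  "detect": ["Boundary IDS"]},
    "Enter the plant floor": {"deter": ["Badge access"], "detect": ["CCTV"]},
    "Open the control cabinet": {"delay": ["Cabinet lock"],
                                 "detect": ["Door-open sensor"]},
}

if __name__ == "__main__":
    for path, missing in coverage_gaps(GOAL, CONTROLS).items():
        print(sorted(path), "-> missing:", sorted(missing))
```

Run as a script, it shows that both paths have deter, detect and delay controls but nothing for respond or recover, which is exactly the kind of gap the exercise asks you to motivate a mitigation (or a redesign) for.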

You should aim for a systems perspective in this exercise. It is important to realize that the system and its context imply both the likely character of threats/hazards and the limitations/opportunities for mitigation measures. Generic approaches ("Give each employee a secure token for accessing the system") are not always possible to use ("Those accessing the system might not all be employees, and they are often replaced.") or are meaningless ("The most likely threat is a disgruntled insider with high security clearance."). By contrast, contextual factors can provide opportunities that are not usually present ("We limit the risk of accidents by allowing safe storage even of contraband, if an attacker has made it past X security barriers.")

You hand in the presentation here in a PPTx format, with what you aim to say during the presentation in the notes to each slide.