Rapid Integration of CPS Security and Safety

The security and safety of Cyber-Physical Systems (CPS) often influence each other. Ensuring that this does not have negative implications might require a large and rigorous effort during the development of CPS. However, early in the life-cycle, quick feedback can be valuable helping security and safety engineers to understand how seemingly trivial design choices in their domain may have unacceptable implications in the other. We propose the Cyber Risk Assessment Framework (CRAF) for this purpose. The CRAF is based on openly available and widely used taxonomies from the safety and security domains, and a unique mapping of where loss of data security may impact aspects of data with safety implications. This paper represents the first time these different elements have been brought together into a single framework with an associated process. Through examples from within our organisations we show how this framework can be put to good use.