Enriching Systems Theory Based Cyber-Security and Safety Analysis Using Stakeholder Value Networks
2020-01-0143
System-theoretic process analysis for security (STPA-Sec) is a powerful safety and security analysis method that focuses on unsafe and unsecure interactions between subsystems rather than on component failures and the chain-of-event failure modes that result from them. The first step of STPA-Sec requires the analyst to identify the system boundary and list the system losses and hazards. The current approach to performing this first and critical step of STPA-Sec requires interviewing the stakeholders and could result in a narrow focus, because the answers are shaped by the stakeholders' mental models. In some cases, stakeholders are not available for interviews, and we then risk the analyst's own mental model influencing the identification of system losses. We believe these two potential issues in STPA-Sec analysis, narrow focus and missing access to stakeholders, can be addressed by factoring in additional system information through stakeholder analysis. To illustrate the benefit of this approach, a mining system is considered. Stakeholders in the mining system are identified and then classified based on the role they play in the expected emergent behavior of the system. Stakeholder needs are identified and ranked. A stakeholder value network (map) is created with stakeholders as nodes and the value exchanges between them as connections. A ranked list of value exchanges is created based on the impact of cybersecurity on the stakeholder map. System-level losses are identified from high-impact value exchanges, which can then be fed into Step 1 of the STPA-Sec analysis. A system-level goal statement, derived from the stakeholder analysis, is used as a guiding statement and as an aid in drawing a boundary around the system.
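The procedure the abstract describes (stakeholders as nodes, value exchanges as edges, exchanges ranked by cybersecurity impact, high-impact exchanges turned into candidate system-level losses and into a first cut at the system boundary) can be captured in a small graph model. The following is an added example, not code or data from the paper: the mining stakeholders, the value exchanges and their 1-5 scores are constructed for illustration, and the impact formula (importance of the value to its receiver multiplied by its cyber exposure) is an assumed scoring rule, not one the paper specifies.

```python
"""Stakeholder value network (SVN) ranking that feeds STPA-Sec Step 1.

Added example, not the paper's own code. All stakeholders, value
exchanges and scores are constructed for a hypothetical mining system;
the impact formula (importance x cyber_exposure) is an assumption.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ValueExchange:
    """Directed SVN edge: `source` delivers `value` to `target`."""
    source: str
    target: str
    value: str
    importance: int      # 1-5: how strongly the target needs this value
    cyber_exposure: int  # 1-5: how far a cyber compromise could disrupt it

    @property
    def impact(self) -> int:
        """Assumed ranking score: receiver's need times cyber exposure."""
        return self.importance * self.cyber_exposure


class StakeholderValueNetwork:
    """Stakeholders are nodes (with a role), value exchanges are edges."""

    def __init__(self) -> None:
        self.roles: dict[str, str] = {}
        self.exchanges: list[ValueExchange] = []

    def add_stakeholder(self, name: str, role: str) -> None:
        self.roles[name] = role

    def add_exchange(self, source: str, target: str, value: str,
                     importance: int, cyber_exposure: int) -> None:
        # Refuse edges to stakeholders that were never classified.
        for name in (source, target):
            if name not in self.roles:
                raise KeyError(f"unknown stakeholder: {name}")
        for score in (importance, cyber_exposure):
            if not 1 <= score <= 5:
                raise ValueError("scores must lie in 1..5")
        self.exchanges.append(
            ValueExchange(source, target, value, importance, cyber_exposure))

    def ranked_exchanges(self) -> list[ValueExchange]:
        """Value exchanges ordered by cyber impact, highest first."""
        return sorted(self.exchanges, key=lambda e: e.impact, reverse=True)

    def high_impact(self, threshold: int) -> list[ValueExchange]:
        return [e for e in self.ranked_exchanges() if e.impact >= threshold]

    def candidate_losses(self, threshold: int) -> list[str]:
        """One candidate system-level loss statement per high-impact exchange."""
        return [f"L{i}: Loss of '{e.value}' delivered by {e.source} to {e.target}"
                for i, e in enumerate(self.high_impact(threshold), start=1)]

    def boundary_candidates(self, threshold: int) -> set[str]:
        """Stakeholders touched by a high-impact exchange: a first cut at
        who must sit inside the system boundary for Step 1."""
        inside: set[str] = set()
        for e in self.high_impact(threshold):
            inside.update((e.source, e.target))
        return inside


def build_mining_example() -> StakeholderValueNetwork:
    """Constructed mining-system SVN (hypothetical names and scores)."""
    svn = StakeholderValueNetwork()
    svn.add_stakeholder("Mine Operator", "primary beneficiary")
    svn.add_stakeholder("Control System Vendor", "enabler")
    svn.add_stakeholder("Workers", "operator / beneficiary")
    svn.add_stakeholder("Customers", "beneficiary")
    svn.add_stakeholder("Regulator", "authority")
    svn.add_stakeholder("Local Community", "affected party")
    svn.add_exchange("Control System Vendor", "Mine Operator",
                     "autonomous haulage control", 5, 5)   # impact 25
    svn.add_exchange("Mine Operator", "Workers",
                     "safe working environment", 5, 4)     # impact 20
    svn.add_exchange("Mine Operator", "Customers",
                     "ore delivered on schedule", 4, 3)    # impact 12
    svn.add_exchange("Mine Operator", "Local Community",
                     "environmental monitoring data", 3, 3)  # impact 9
    svn.add_exchange("Mine Operator", "Regulator",
                     "compliance reporting", 3, 2)         # impact 6
    svn.add_exchange("Regulator", "Mine Operator",
                     "operating licence", 5, 1)            # impact 5
    svn.add_exchange("Workers", "Mine Operator",
                     "labour", 4, 1)                       # impact 4
    return svn


if __name__ == "__main__":
    svn = build_mining_example()
    for e in svn.ranked_exchanges():
        print(f"{e.impact:3d}  {e.source} -> {e.target}: {e.value}")
    for loss in svn.candidate_losses(threshold=12):
        print(loss)
    print("Boundary candidates:", sorted(svn.boundary_candidates(12)))
```

The threshold is the analyst's choice; the point of the ranking is that losses derived from the top of the list are grounded in what stakeholders actually exchange rather than in whoever happened to be interviewed, and the set of stakeholders those exchanges touch gives a defensible starting boundary.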