Systems thinking for safety and security

Young, William; Leveson, Nancy

Author(s)

Young, William Edward; Leveson, Nancy G.

DownloadLeveson_Systems thinking.pdf (421.6Kb)

OPEN_ACCESS_POLICY

Terms of use

Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/

Metadata

Show full item record

Abstract

The fundamental challenge facing security professionals is preventing losses, be they operational, financial or mission losses. As a result, one could argue that security professionals share this challenge with safety professionals. Despite their shared challenge, there is little evidence that recent advances that enable one community to better prevent losses have been shared with the other for possible implementation. Limitations in current safety approaches have led researchers and practitioners to develop new models and techniques. These techniques could potentially benefit the field of security. This paper describes a new systems thinking approach to safety that may be suitable for meeting the challenge of securing complex systems against cyber disruptions. Systems-Theoretic Process Analysis for Security (STPA-Sec) augments traditional security approaches by introducing a top-down analysis process designed to help a multidisciplinary team consisting of security, operations, and domain experts identify and constrain the system from entering vulnerable states that lead to losses. This new framework shifts the focus of the security analysis away from threats as the proximate cause of losses and focuses instead on the broader system structure that allowed the system to enter a vulnerable system state that the threat exploits to produce the disruption leading to the loss.

Date issued

2013-12

URI

http://hdl.handle.net/1721.1/96965

Department

Massachusetts Institute of Technology. Department of Aeronautics and Astronautics; Massachusetts Institute of Technology. Engineering Systems Division

Journal

Proceedings of the 29th Annual Computer Security Applications Conference (ACSAC '13)

Publisher

Association for Computing Machinery (ACM)

Citation

William Young and Nancy Leveson. 2013. Systems thinking for safety and security. In Proceedings of the 29th Annual Computer Security Applications Conference (ACSAC '13). ACM, New York, NY, USA, 1-8.

Version: Author's final manuscript

ISBN

9781450320153

Collections

MIT Open Access Articles

DSpace@MIT