Application of STPA-Sec for analyzing cybersecurity of autonomous mining systems
Author(s): Sidhu, Amardeep Singh.
Application of Systems-Theoretic Process Analysis for Security for analyzing cybersecurity of autonomous mining systems
Massachusetts Institute of Technology. Engineering and Management Program.
System Design and Management Program.
Stuart Madnick and Allen Moulton.
Autonomy is seen as the next big thing in the mining industry. For mine operators there are benefits to be gained in terms of higher productivity, inherent safety, lower operational expense, and improved asset management, to name a few. Original equipment manufacturers (OEMs) and dealerships also benefit by gaining the ability to better manage machine lifecycles and by adding revenue streams from auxiliary products and services such as the mine operating system (MOS), training, and contracts to run mine autonomy and automation as a service. For this work, we selected the autonomous haul truck used in surface mining operations as the subject. We were motivated primarily by existing OEM efforts to introduce autonomy into the industry through hauling. Various stages of the hauling process, including the interaction with the manually operated MOS and shovel, were studied.

The Systems-Theoretic Process Analysis for Security (STPA-Sec) method was applied to the loading subsystem of open-pit surface mining, where the manually operated shovel and the autonomous haul truck interact. System-level safety and cybersecurity hazards were identified, a functional control structure was prepared, and a system state model was developed. A control action of "autonomous-stop", issued by the shovel operator and directed at the autonomous haul truck, was analyzed to identify unsecure control actions and the corresponding unsecure constraints. An extension to the STPA-Sec framework in the form of modified attack trees was applied to generate a rich set of scenarios with the unsafe and unsecure control action as the attack goal. Cybersecurity requirements for the shovel and haul truck subsystem interaction were derived by analyzing the scenarios and recommended mitigations.

Results indicated that STPA-Sec with attack trees performs better than any single method from SAE J3061 in terms of the process, quality, and quantity of cyber-physical threats identified.
In addition, STPA-Sec with attack trees filled an important gap by offering structure and traceability during the scenario generation process of STPA. Future work could focus on automating the STPA-Sec analysis steps where expert knowledge is not required, and on integrating the improved STPA-Sec as a hazard analysis and risk assessment framework under ISO 26262.
Thesis: S.M. in Engineering and Management, Massachusetts Institute of Technology, System Design and Management Program, 2019. Cataloged from PDF version of thesis. "February 2019." Includes bibliographical references (pages 107-110).
Department: Massachusetts Institute of Technology. Engineering and Management Program; System Design and Management Program