Trade-off Management between Safety and Cybersecurity (TOMSAC)
The PETRAS National Centre of Excellence for IoT Systems Cybersecurity
Total value of project
Value to Coventry University
Paul Wooderson (HORIBA MIRA Ltd)
Duration of project
01/10/2021 - 30/09/2022
This research is aimed at assuring cybersecurity and safety of complex CPS/IoT systems, which arise from convergence of Cyber Physical Systems (CPS) and Internet of Things (IoT). Such systems-of-systems interact with humans and integrate digital capabilities (networking, data, computational systems) with physical devices and engineering systems to enhance performance and functionality. Their application domains include transportation, energy, healthcare, manufacturing, agriculture and other sectors.
The core challenge addressed by this research is the trade-off management between cybersecurity and safety. Safety and cybersecurity are inter-dependent, often complementing or conflicting each other. Trade-off assessment can help to determine an optimal balance between safety and security measures and risks.
The aim of this research is to develop a new method TOMSAC along with a tool and an application example for managing safety and cybersecurity trade-offs in CPS/IoT systems. There are many factors involved in safety and cybersecurity trade-off management, such safety and security risk levels, costs, needs of various stakeholders, technology limitations, etc. Developers need to make decisions on how to balance the trade-offs among these factors in order to achieve their goals.
Multiple stakeholders will benefit from this research, such as developers, safety and security assessors, insurance companies, system users, and other researchers among others. Researchers and practitioners could use the knowledge base in advancing the state of the art and practice in the intersection of cybersecurity and safety.
Meanwhile, TOMSAC method and tool will be of benefit to developers, assessors, and insurance companies, as it will enable the management of safety and cybersecurity interdependencies and trade-offs in a transparent, quantitative, justifiable way in compliance with the safety and cybersecurity standards.