Skip to main content
OSTI.GOVU.S. Department of Energy Office of Scientific and Technical Information
U.S. Department of Energy
Office of Scientific and Technical Information
 

Adapting Traditional Hazards Analysis Methods to Address Cyber Risks

Technical Report ·
DOI:https://doi.org/10.2172/3012810· OSTI ID:3012810
 [1];  [1];  [1];  [1];  [1];  [2];  [1]
  1. Idaho National Laboratory (INL), Idaho Falls, ID (United States)
  2. MITRE
+ Show Author Affiliations

Traditional hazards analysis (HA) methods, originally developed to address physical and operational risks, often fall short when it comes to identifying and mitigating cyber threats. These cyber threats pose unique and evolving risks to critical infrastructure and industrial control systems (ICS). This report explores the integration of Cyber-Informed Engineering (CIE) principles into existing HA methods to enhance their ability to address cyber-induced risks. CIE provides organizations with a practical, cost-effective approach to closing the gap between traditional HA methods and the need for cyber risk mitigation. By leveraging existing safety processes and controls, CIE allows users to examine and mitigate cyber vulnerabilities without overhauling existing HA methods. This report identifies areas where HA and CIE naturally align and where their approaches diverge. It emphasizes how CIE principles can be used to adapt HA methods, broadening their scope to include cyber risks and enabling the mitigation of cyber- induced impacts alongside traditional hazards and failure scenarios. This report examines how CIE can be applied across various HA methods—such as Hazard and Operability Studies (HAZOP), Probabilistic Risk Assessment (PRA), Failure Modes and Effects Analysis (FMEA), Systems-Theoretic Process Analysis (STPA), Hazard and Consequence Analysis for Digital Systems (HAZCADS), and Layers of Protection Analysis (LOPA). It provides strategies for integrating CIE to strengthen the identification, assessment, and mitigation of cyber-induced risks. The findings offer a structured entry point for organizations to embed CIE concepts into hazards and safety analyses, as well as broader engineering processes, ultimately supporting the design and operation of a more resilient infrastructure.

Research Organization:
Idaho National Laboratory (INL)
Sponsoring Organization:
USDOE Office of Nuclear Energy (NE)
DOE Contract Number:
AC07-05ID14517
OSTI ID:
3012810
Report Number(s):
INL/RPT-25-88296
Country of Publication:
United States
Language:
English

Similar Records

On the Application of Cyber-Informed Engineering (CIE)
Conference · Fri Nov 29 23:00:00 EST 2024 · OSTI ID:2467509
Evaluation of Joint Cyber/Safety Risk in Nuclear Power Systems
Technical Report · Fri Apr 01 00:00:00 EDT 2022 · OSTI ID:1861982
Safety and Security Defense-in-Depth for Nuclear Power Plants
Technical Report · Wed Sep 01 00:00:00 EDT 2021 · OSTI ID:1832309

Related Subjects

42 ENGINEERING
97 MATHEMATICS AND COMPUTING
Cyber vulnerabilities
Cyber-Informed Engineering (CIE)
Hazards Analysis (HA)
Industrial Control Systems (ICS)
Resilient infrastructure
Risk mitigation