Cybersecurity: Risk Calculation & Link with Safety Analysis
Overview
This is the 2nd part of a 4-part webinar series that demonstrates an end-to-end cybersecurity workflow that manages risks efficiently and consistently. The workflow covers everything from early asset and threat identification at system level, to implementation and verification of countermeasures in the software. It integrates safety data from analyses such as FHA and FMEA, enables change analysis, and keeps risk data and decisions consistent with the architecture and design.
In this second part we show how you can evaluate the identified threats to calculate the risk for your system, and how spot the weakest link that needs to be addressed. We start with a systematic identification of the feasibility (i.e. how "easy" the threat/attack would be) and impact (i.e. what is the potential damage) of each threat. In this process, we show how to re-use data from safety analysis for impact analysis, and how to estimate the feasibility of with the well-known “attack potential” method. Next, we discuss how MATLAB and Simulink can automate the risk calculation, and how you can set a risk acceptance threshold. The outcome of this webinar will be a list of risks which are synchronized to the architecture, and validated treatment decisions (e.g. reduce risk, avoid risk, share risk, retain, etc) for each of them.
Highlights
- What are the factors to be consider to estimate threat´s impact
- How safety analysis can be leverage to estimate threat´s impact
- What are the factors to be consider to estimate threat´s feasibility
- How to calculate the risk, set an acceptance threshold and choose a treatment option
About the Presenters
Marco Bimbi is a Principal Application Engineer focusing on Model Based Systems Engineering workflows for safety critical applications. Marco joined MathWorks in 2022. Before joining The MathWorks, he has worked for 10+ years in aerospace as well as rails industries such as Rolls-Royce and Deutsche Bahn focusing on Systems Engineering workflows for safety critical applications. During his career he held various roles such as Control Systems Architect, Model Based Systems Engineering Specialist and Requirements Manager. At MathWorks Marco helps customers to leverage MathWorks toolchain, including System Composer, for their Systems Engineering workflow. Moreover, Marco provides industry insight to the MathWorks development team to drive future product capabilities
Martin Becker is a Principal Application Engineer at The MathWorks and an independent security researcher. He received his Ph.D. in software verification from Technical University of Munich for his work on real-time computer systems, and has 20 years of experience in embedded systems, amongst others working as avionics engineer at Airbus Defense & Space, Research Engineer at Tata Consultancy Services, and Lecturer at Singapore Institute of Technology. In his daily work, he supports customers from all industries in the efficient development of safety-critical software and certification according to industrial standards, accompanies the development of innovative verification tools, and uses them himself as an ethical hacker in the field of FOSS software.
Product Focus
This event is part of a series of related topics. View the full list of events in this series.
