Fault tree analysis
In the case of IIoT, where attacks are cyber-physical in nature and closely correlate with safety and reliability engineering, fault tree analysis can be used as an effective tool.
IIoT systems and technologies involve a degree of complexity. As a result, a system-level failure can stem from faults occurring in any of the subsystems. The likelihood of failure, however, can often be reduced through improved system design. In fault tree analysis (FTA), logic diagrams are created for the overall system to map the relationship between faults, subsystems, and redundant safety design elements. Figure 2.3 shows an example of a fault tree diagram:
Unlike attack trees, FTA is top-down: starting from an undesirable state of the system, we analyze how it can arise by combining, using Boolean logic, a series of lower-level events (subsystem failures). FTA is a deductive failure analysis method commonly used in safety and reliability engineering to understand how systems can fail and, hence, to find ways to reduce the risk of failure.
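A small evaluator for the Boolean-logic analysis just described, added here as an example (it is not code from the book or from any standard it cites). It assumes independent basic events with made-up probabilities for a constructed IIoT over-pressure scenario, computes the top-event probability and the minimal cut sets (the smallest combinations of basic events sufficient to cause the top event), and shows how a redundant safeguard added at design time changes the result:

```python
from dataclasses import dataclass
from math import prod

@dataclass
class Basic:        # leaf: a basic event with its (assumed) probability
    name: str
    p: float

@dataclass
class Gate:         # AND / OR gate combining child nodes
    name: str
    kind: str       # "AND" or "OR"
    children: list

def probability(node) -> float:
    """P(event at node), treating basic events as independent."""
    if isinstance(node, Basic):
        return node.p
    probs = [probability(c) for c in node.children]
    if node.kind == "AND":                       # all inputs must occur
        return prod(probs)
    return 1.0 - prod(1.0 - q for q in probs)    # OR: at least one occurs

def minimal_cut_sets(node) -> list:
    """Smallest sets of basic events that are jointly sufficient for the event."""
    if isinstance(node, Basic):
        return [frozenset([node.name])]
    child_sets = [minimal_cut_sets(c) for c in node.children]
    if node.kind == "OR":                        # any child's cut set suffices
        sets = [s for cs in child_sets for s in cs]
    else:                                        # AND: one cut set from every child
        sets = [frozenset()]
        for cs in child_sets:
            sets = [a | b for a in sets for b in cs]
    sets = list(set(sets))
    return [s for s in sets if not any(o < s for o in sets)]

def build_tree(relief_valve: bool = False) -> Gate:
    """Constructed IIoT example; every event name and probability is an assumption."""
    wrong_reading = Gate("pressure reading wrong", "OR", [
        Basic("sensor hardware fault", 1e-3),
        Basic("sensor telemetry tampered", 1e-4)])
    safeguard = Gate("interlock fails", "OR", [
        Basic("interlock relay stuck", 1e-3),
        Basic("interlock controller compromised", 1e-4)])
    if relief_valve:   # redundant, independent mechanical safeguard added by design
        safeguard = Gate("all safeguards fail", "AND",
                         [safeguard, Basic("relief valve stuck", 1e-2)])
    return Gate("vessel over-pressurised", "AND", [wrong_reading, safeguard])

def risk_reduction_factor() -> float:
    """How many times less likely the top event becomes once the relief valve is added."""
    return probability(build_tree(False)) / probability(build_tree(True))
```

The cut sets make the cyber-physical coupling visible: one of them (telemetry tampered plus interlock controller compromised) contains no hardware fault at all, so it is reachable purely by attack, and the redundant valve lengthens every cut set rather than removing any.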
FTA was first used in the aerospace industry, where safety assurance is mandated at very high levels. For commercial aircraft, the probability of failure is 10^-9 (one in a billion) (IOT-SEC). Nowadays, in addition to aerospace, FTA is used in many other industries, such as nuclear power, chemical engineering, pharmaceuticals, and energy grids. FTA is also used in software engineering for debugging purposes, and is closely related to the cause elimination technique used to detect bugs.
Several industry and government standards describe the FTA methodology, such as:
- NUREG-0492 for the nuclear power and aerospace industries
- SAE ARP4761 for civil aerospace
- MIL-HDBK-338 for military systems
- IEC 61025 for cross-industry usage