Congratulations to Nelson Carreras Guzman for a successful PhD defence

Thursday 25 Feb 21

Contact

Nelson Humberto Carreras Guzman
PhD student
DTU Management
+45 45 27 51 91

Contact

Josef Oehmen
Associate Professor
DTU Management
+45 45 25 60 39

Contact

Igor Kozin
DTU Management

Topic: Identification of Safety and Security Cascading Risks in Cyber-Physical Systems

See summary below.

Defence date: 25.2.2021


Supervisors: 

Associate Professor Josef Oehmen, DTU Management

Senior Researcher Igor Kozin

Professor Mary Ann Lundteigen, NTNU

 

Examiners:

Associate Professor Christian Damsgaard Jensen, DTU Compute (Chairman)

Product Security Architect Rishikesh Sahay, MAN Energy Solutions

Department Head Christian Raspotnig, Avinor Flysikring

 

Chairperson at the defence:

Associate Professor Christian Thuesen, DTU Management

 

***

Identification of Safety and Security Cascading Risks in Cyber-Physical Systems

Increasingly, cyber risks are cascading into hazardous physical consequences, posing a direct danger to people’s lives and the environment. Cyber-physical systems (CPSs) are engineered systems that integrate information technologies, real-time control systems, physical processes, and human operators to influence physical processes by means of cooperative and (semi)automated control functions. Applications include autonomous transportation systems, industrial control systems, and medical devices, among others. Despite their tremendous benefits and promising potential, CPSs are exposed to an array of risk sources, including both unintentional errors and intentional attacks. These risks challenge the safe design and operation of CPSs and require an integration of cybersecurity and safety analysis methods to ensure system protection.

This thesis describes, tests, and validates an integrated safety and security analysis method, coined the Uncontrolled Flows of Information and Energy (UFoI-E) method. This novel method facilitates the process of risk identification in CPSs, considering the cascading risks across the layers of the system and its environments.

The UFoI-E method is composed of three main constituents. The first constituent is the CPS master diagram, a multi-layered systems model to represent the architecture of CPSs. The second constituent is the UFoI-E causality concept, a novel causation model to conceptualize cascading risks across the information and energy domains of a system. The third constituent is the Cyber-Physical Harm Analysis for Safety and Security (CyPHASS). CyPHASS is a harm scenario builder that serves as a practical toolkit to perform risk identification systematically. For this purpose, CyPHASS uses the CPS master diagram as the system model under analysis and the UFoI-E causality concept as the theoretical model of causation.

As an overarching theoretical contribution, this thesis advances the integration of safety and security analysis of CPSs. The UFoI-E method builds on the body of knowledge in system safety and cybersecurity and provides a novel framework to assist multidisciplinary system designers and risk analysts. In practice, this thesis tests and validates the UFoI-E method by conducting real safety and security analysis in diverse CPS applications at different development stages. Examples include autonomous surface vessels, a small-scale driverless bulldozer, and a safety-related industrial control system for a nuclear power plant. Finally, this thesis demonstrates the effectiveness of the UFoI-E method to facilitate safety and security analysis and provides recommendations for further work in the safety and security field.

 

 

 

 
