Systems Engineering Approach to MPS Risk Management Kelly Mahoney Presented at the Workshop for Machine Protection in Linear Accelerators.


Slide 1: Systems Engineering Approach to MPS Risk Management
Kelly Mahoney, mahoney@jlab.org
Presented at the Workshop for Machine Protection in Linear Accelerators, June 8, 2012

Slide 2: Systems Approach (from Tuesday's talk)
- Top-down: encompasses all aspects of a technical project
- Focus on overall facility mission and goals
- Overall context for development of systems under specific standards, e.g. IEC 61508, 61511, 62062, ...
- Accelerator is a system of systems
- Similar lifecycle activities apply to all subsystems; rigor depends on the risk under consideration
- Assumptions under one analysis become requirements to another system, and should be tracked

Slide 3: System Engineering Processes (CERN MPS Workshop, 6-8 June 2012)
Process groups (ref. IEC 15288/12207, INCOSE Systems Safety Handbook):
- Agreement Process
- Project Process
- Organizational Process
- Technical Process: Stakeholder Requirements Definition, Requirements Analysis, Architectural Design, Implementation, Transition, Operation, Maintenance, Disposal, Verification, Validation
80/20 rule applied to systems:
- 80% of system errors are introduced in the requirements, 20% in all remaining lifecycle stages.
- 80% of a project's committed cost is determined during the first 20% of actual cost (requirements plus the first stages of architectural design).
- The cost to correct incorrect or incomplete requirements increases by an order of magnitude for each major project activity.

Slide 4: Safety Risk Management
Three parallel risk-management loops, one each for Systems Assurance, Software Assurance and Cyber Security Assurance, each with the same steps:
- Identify Hazards
- Assess Risk
- Establish Controls
- Implement Controls
- Maintain and Assess

Slide 5: Integrated System Risk Management
One shared loop (Identify Hazards, Assess Risk, Maintain and Assess) under Systems Assurance, with three branches for establishing and implementing controls: system-level controls, software controls, and security controls.
- Central management of hazards and risks
- Applies to all safety functions: Personnel Safety, Beam Containment, MPS
- Common high-level requirements and assumptions, as well as assessments
- Horizontal link of controls, assumptions, constraints
- Functional testing, software QA, defensive programming, physical security, ...

Slide 6: Integrated System Risk Management (same diagram as slide 5)
Common requirements among standards:
- Management requirements
- Competency in each specialty area
- Graded approach to system design, mitigations, and management based on risk
- Hazard and risk assessment
- Configuration management

Slide 7: Cyber Security Risk
- Not well defined in current safety management practices
- Large emphasis on control system cyber security
- US NIST common risk evaluation areas: risk to integrity, risk to availability, risk to confidentiality
- Latest version of IEC 61508 attempts to address cyber security

Slide 8: Cyber Security Risk
- Risk is defined in terms of 'vulnerability'
- Consequences are the same as identified in the hazard analysis
- Failure modes include malicious intent by an internal or external party
- Mitigations: staff training and security awareness; physical security (limited access); least privilege/authentication; segmentation; passive monitoring; defensive/fault-tolerant programming; forensic capability; intrusion response plan
Resources for control system cyber security:
- IEC 62443, Security for industrial process measurement and control
- ISA S99.01, Security for Industrial Automation and Control Systems
- US NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations
- US ICS-CERT, http://www.us-cert.gov/control_systems/ics-cert/
- ENISA, Protecting Industrial Control Systems: Recommendations for Europe and Member States

Slide 9: JLab Controls Cyber Security
- Working to establish a controls cyber security program
- Controls cyber assurance program in process
- Covers all controls
- Risk-based management

Slide 10: JLab Global Risk Assessment Method
- Started as a software risk assessment tool
- Applicable to all aspects of risk management
- Developed by a team with representatives of all enclaves at JLab: Safety Systems (facilitator); Network and Infrastructure (Cyber Security); Business Computing and Information Systems; Quality Assurance; Accelerator Controls and Networking; Experimental Physics; Physics Computing and Data Management; Chief Information Officer/Chief Information Security Officer
- Covers ALL software, from experiment data to FPGAs
- Now used as the basis for configuration management
- The assurance process defines minimum activities for a given risk level; it does not dictate how

Slide 11: JLab Global Risk Assessment Method
Six areas:
- Direct risk of financial loss
- Direct risk of loss of tangible property
- Direct risk of harm to people
- Direct risk of harm to the environment
- Direct risk of loss of mission
- Direct risk of regulatory body intervention
Each subject is evaluated in an FMEA-type scenario. Each of the six areas is assigned a score of 0-5, based on predefined unmitigated consequences.

Slide 12: JLab Global Risk Assessment Method
- The score is evaluated on BOTH the maximum value of a single category AND the sum of all scores
- Some risks that were below the radar now pop up as more important
- Because the system owner evaluates the risk, they are invested in the process
- The evaluator determines the risk acceptance level of unmitigated and mitigated risk: Intolerable, Unacceptable, Tolerable, Acceptable
- Amazing agreement between evaluation scores and risk acceptance levels among different enclaves
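The scoring rule on slides 11 and 12 (six areas scored 0-5, judged on both the maximum single category and the total) as an added example, not a tool from JLab or the talk; the acceptance thresholds and the three sample systems are constructed assumptions, chosen to show how a sum-based view surfaces a risk that a max-only view ranks low.

```python
"""Added illustration of the six-area scoring from the slides.
Areas and the 0-5 scale come from the talk; the numeric thresholds
below are assumptions, as the talk names the levels but not the bounds."""

AREAS = ("financial", "property", "people", "environment", "mission", "regulatory")

# Assumed (level, max-score threshold, sum threshold), most severe first.
LEVELS = (
    ("Intolerable", 5, 20),
    ("Unacceptable", 4, 14),
    ("Tolerable", 3, 8),
)


def assess(scores):
    """Return max, sum and acceptance level for one subject's six scores."""
    vals = [scores[a] for a in AREAS]
    if any(not 0 <= v <= 5 for v in vals):
        raise ValueError("each area is scored 0-5")
    mx, total = max(vals), sum(vals)
    level = "Acceptable"
    for name, max_thr, sum_thr in LEVELS:
        if mx >= max_thr or total >= sum_thr:   # either criterion escalates
            level = name
            break
    return {"max": mx, "sum": total, "level": level}


def rank(systems, key):
    """Rank subject names by 'max' or 'sum', highest first."""
    return sorted(systems, key=lambda n: assess(systems[n])[key], reverse=True)


# Constructed sample: one subject with a single severe area, one that is
# moderate everywhere (the 'below the radar' case), one benign.
SAMPLE = {
    "beam-loss-monitor": dict(zip(AREAS, (1, 4, 0, 0, 3, 0))),
    "cryo-history-db":   dict(zip(AREAS, (3, 3, 0, 2, 3, 3))),
    "lobby-display":     dict(zip(AREAS, (0, 0, 0, 0, 1, 0))),
}

if __name__ == "__main__":
    for name in SAMPLE:
        print(name, assess(SAMPLE[name]))
    print("by max:", rank(SAMPLE, "max"), "by sum:", rank(SAMPLE, "sum"))
```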

Slide 13: Functional Risk Assessment Methods Used for JLab MPS Safety Functions
- Event tree
- Risk matrix
- Risk graph
- Layer of Protection Analysis
All of the above can be used to assign a SIL level to a safety function.

Slide 14: Conclusions
- The systems approach allows early identification and mitigation of operational risks
- The same approach can be used for all safety-related systems
- Correct requirements are critical for correct and efficient implementation of a protection system
- The JLab Global Risk Assessment tool can uncover risks that fall below the radar in other assessments
- SIL methods can be used to manage MPS safety functions

Slide 15: Additional Slides

Slide 16: MIL-STD-882E System Safety (Ref. MIL-STD-882E)

Slide 17: 882E Software Safety Criticality Matrix (Ref. MIL-STD-882E)

Slide 18: Software Assurance

Slide 19: A Note on Safety Integrity Levels (SILs)
- A Safety Integrity Level applies to a mitigation function performed by a system.
- Individual SILs are determined by the difference between (unmitigated risk + risk reduction of other safety layers or functions) and the acceptable risk goal.
Example:
- MPS safety requirement: prevent catastrophic loss of two or more superconducting dipole magnets due to a beam loss event.
- Other Layers SF1:
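The SIL rule stated on this slide, carried through as a Layer of Protection Analysis calculation (the method slide 13 lists), as an added example that is not from the talk: the risk reduction still required of a new safety function is the unmitigated-to-tolerable frequency ratio divided by the credit taken for the independent layers already present, and its reciprocal is the PFDavg target mapped onto the IEC 61508 low-demand SIL bands. All frequencies and layer credits below are constructed numbers, not JLab figures.

```python
"""Added LOPA-style SIL allocation. Frequencies are events per year; the
SIL bands are the IEC 61508-1 low-demand PFDavg bands; every numeric input
used in __main__ is a constructed assumption."""

# IEC 61508-1 low demand: SIL n covers 10^-(n+1) <= PFDavg < 10^-n
SIL_BANDS = ((4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1))


def required_rrf(f_unmitigated, f_tolerable, other_layer_rrfs=()):
    """Risk reduction still needed from the new safety function after
    crediting the independent protection layers already in place."""
    if f_unmitigated <= 0 or f_tolerable <= 0:
        raise ValueError("frequencies must be positive")
    credited = 1.0
    for rrf in other_layer_rrfs:          # independent layers multiply
        if rrf < 1:
            raise ValueError("a layer cannot increase risk")
        credited *= rrf
    return (f_unmitigated / f_tolerable) / credited


def sil_for_rrf(rrf):
    """Map a required RRF to a SIL. None means the existing layers already
    meet the goal; 'beyond SIL 4' means one function cannot close the gap."""
    if rrf <= 1.0:
        return None
    pfd_target = 1.0 / rrf
    for sil, low, high in SIL_BANDS:
        if low <= pfd_target < high:
            return sil
    return "beyond SIL 4"                 # change the architecture instead


def allocate(f_unmitigated, f_tolerable, other_layer_rrfs=()):
    rrf = required_rrf(f_unmitigated, f_tolerable, other_layer_rrfs)
    return {"required_rrf": rrf, "sil": sil_for_rrf(rrf)}


if __name__ == "__main__":
    # Constructed figures for the slide's magnet-loss requirement: one
    # damaging beam-loss event per year unmitigated, a goal of 5e-5/year,
    # and one existing layer credited with a risk reduction factor of 10.
    print(allocate(1.0, 5e-5, other_layer_rrfs=(10,)))
```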

Slide 20: IEC 61508 Lifecycle Model
Analysis phase:
- Concept
- Overall scope definition
- Hazard and risk analysis
- Overall safety requirements
- Safety requirements allocation
Realization phase:
- Overall planning: overall operation and maintenance planning; overall safety validation planning; overall installation and commissioning planning
- Safety-related systems, E/E/PES: realization (see E/E/PES safety lifecycle)
- Safety-related systems, other technology: realization
- External risk reduction facilities: realization
- Overall installation and commissioning
- Overall safety validation
Operations phase:
- Overall operation, maintenance and repair
- Overall modification and retrofit (back to the appropriate overall safety lifecycle phase)
- Decommissioning or disposal

Slide 21: IEC Safety Allocation (© K Mahoney/S. Prior 2002-2004, USPAS June 2004)

