A New Approach to IoT Safety, Risk, and Vulnerability Analysis

The ugly truth is that the interconnection of devices with IoT systems can lead to failures which result in physical injury, unacceptable risk, or cybersecurity vulnerabilities. Preventing such accidents requires identifying hazards, risks, and security vulnerabilities during development. Traditional hazard analysis techniques—failure modes and effects analysis, fault tree analysis, and root cause analysis—were developed for simple hardware controllers and are based on single-point failures. However, software fails differently than hardware. Most accidents, system failures, and many cyber attacks involving software-controlled systems are not caused by software failure—where the software stopped working—but rather by unforeseen interactions between the software and other system components. Vicki and Greg Pope explain how to use a robust hazard analysis technique called systemic theoretic process analysis. In actual usage on complex, software controlled systems, this technique has been able to identify more hazards, risks, and security vulnerabilities than previous methods.