| Document
|
Author Eylem Thron, Duncan Ki-Aries, Huseyin Dogan, Martin Freer, Shamal Faily |
| Abstract Cyber-attacks increasingly threaten critical infrastructure, where interactions between security, safety, and human-system behaviour create complex socio-technical risks. If not managed early, these interactions can produce latent vulnerabilities and unsafe operational states. This paper presents a Minimum Viable Product (MVP), developed by Bournemouth University and Mima and funded by the Defence Science and Technology Laboratory (Dstl), to operationalise Secure-by-Design through integrated Human Factors (HF), safety, and cybersecurity analysis. The MVP combines System-Theoretic Process Analysis (STPA) with Hierarchical Task Analysis (HTA), Cognitive Task Analysis (CTA), Performance Shaping Factors (PSFs), and Human Attributes analysis to generate a structured and traceable User Requirements Document (URD) from a Defence specification exemplar. Results demonstrate that integrating HF, safety, and cybersecurity during early capability definition enables identification of cross-domain risks and supports derivation of coherent, traceable Secure-by-Design requirements for cyber-physical systems. |
