Abstract The growing convergence of information technology with operational technology and the accordant proliferation of interconnected cyber-physical systems (CPSs) has given rise to several security and safety challenges. One of these refers to systematically identifying coherent, consistent, and non-conflicting security and safety requirements. This paper proposes an integrated method for safety and security requirements engineering for CPSs at the design stage of the system lifecycle. The method identifies security and safety objectives, it systematically elicits a comprehensive list of requirements, and it links these requirements to objectives, thus facilitating the process of resolving conflicts. To provide insight into the operations of the method, we demonstrate its use to the most vulnerable CPSs on board the Cyber-Enabled Ship (C-ES). By utilizing the proposed method, the safety and security objectives of these systems were defined, and their safety and security requirements were identified.

中文翻译：

---

SafeSec Tropos：联合安保和安全要求引出

摘要 信息技术与运营技术的日益融合以及互联网络物理系统 (CPS) 的相应扩散已经带来了若干安全挑战。其中之一是系统地确定连贯、一致和不冲突的安保和安全要求。本文提出了一种在系统生命周期设计阶段对 CPS 进行安全和安保需求工程的集成方法。该方法识别安全和安全目标，它系统地引出一个完整的需求列表，并将这些需求与目标联系起来，从而促进解决冲突的过程。为了深入了解该方法的操作，我们向网络使能船 (C-ES) 上最脆弱的 CPS 演示了它的使用。