Publication details
- Journal: Communications in Computer and Information Science (CCIS), vol. 2404, p. 23–42, 2025
- Publisher: Springer
- International standard numbers:
  - Print: 1865-0929
  - Electronic: 1865-0937
- Link:
Critical Infrastructures, such as healthcare, are essential for maintaining societal well-being and bolstering the nation's economy. The growing integration of Cyber Physical Systems (CPSs), such as social robots, into these infrastructures has made them more susceptible to both random faults and cyber-attacks. Traditional risk assessment frameworks typically address either safety or security risks, but often lack the capability to dynamically assess and mitigate both in an integrated manner. In our previous work, we developed a Bayesian Network (BN) framework that helps in developing BN models for distinguishing random faults and attacks, primarily for diagnostic purposes. However, this framework did not include proactive security measures. In this study, we enhance the BN framework to facilitate the development of models that incorporate proactive security measures by considering mitigating factors. In addition, we introduce extended Component Fault Trees (CFTs) for knowledge elicitation, leveraging their formal structure and practitioners’ familiarity with Fault Tree analysis. We propose a translation scheme from extended CFTs to BNs to further refine the framework. The effectiveness of this framework is demonstrated through two use cases: remote patient monitoring in healthcare, and the deployment of social robots in smart cities. This study presents a holistic framework for dynamic safety and security risk assessment in critical environments, featuring a closed feedback loop between information sources and the risk evaluation and treatment stages to ensure continuous monitoring, analysis, and adaptation to evolving risks.