The Australian rail industry is undergoing a large-scale digital transformation, which will require new approaches to identifying and managing the cybersecurity of systems during and after the transition. Exposure of rail systems to cyber-attack can result not only in loss of data, loss of revenue, and general disruption to passengers, but can also have serious implications should safety-critical systems be affected. Since cybersecurity and safety analysis are interdependent, it is crucial to have an integrated approach that takes those dependencies into consideration.
This paper describes the conceptual development of an integrated modelling approach that aids safety assessors in analysing assurance at system level through exploration of scenarios of human error within a cybersecurity context. The Systems Modelling Language (SysML) is used to model the system and organisational processes, focussing on the contribution of the human roles participating in them. A task-based Failure Modes and Effects Analysis (FMEA) is then undertaken to quantify and understand the impact on safety. These models enable assessment of how cyber threats and failure modes affect the processes, and how cyber controls and human competencies can mitigate risk. The proposed approach is developed using a metamodel, which makes it replicable in other scenarios.