One of the most eminent thought leaders on safety engineering is Nancy Leveson of MIT, USA. Her book Engineering a Safer World: Systems Thinking Applied to Safety (MIT Press, 2012) is currently the most up-to-date definitive work on the subject. It departs from earlier safety methodologies, such as chain-of-events analysis, by taking a systems-engineering view rather than a component view. The hazard-analysis method described in the book is STPA (Systems-Theoretic Process Analysis). STPA is built on an accident-causality model known as STAMP (Systems-Theoretic Accident Model and Process); the same STAMP model also underpins CAST (Causal Analysis using Systems Theory), the book's analytic technique for accident investigation.
Given that the safety and security professional communities are hardly aware of one another and do not, as a rule, intermingle, the conceptual similarities between STPA and SABSA are surprising. Cross-fertilising SABSA with STPA thinking therefore looks like a very good prospect. To show why, here are the key points that both frameworks share. Both are focused on:
- Systems engineering as the underlying methodology;
- Holistic systems analysis versus component analysis;
- Top‐down decomposition from the highest level value statements;
- Layered (tiered) systems analysis to reduce complexity and enhance simplicity of design;
- Treating unwanted events as a control problem not a failure problem;
- Modelling control systems and analysing the models;
- Nested and embedded feedback control loops;
- Organisational governance as a critical success factor in achieving the objectives, both in systems development and in systems operations, and applied at all governance levels – regulatory, management and technical;
- Seeing requirements definition as essential to a successful mission and flawed requirements as being the root of many problems;
- Seeing people and process as an integral part of a system – not just technology;
- Drawing on finite state machine (FSM) theory to determine safe/secure and unsafe/insecure states, and the events that trigger the transition from one state to another;
- Seeing that the interaction between system components, each working to specification, can be the source of unwanted system behaviour without any single component failing (a system property, not a component property).
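The control-loop and finite-state-machine points in the list above can be made concrete with a small worked example. The model below is an added illustration written for this page, not code from Leveson's book or from The SABSA Institute. It applies STPA's way of thinking to a security control loop: a session/authorisation service (the controller) issues control actions to a protected resource (the controlled process) and receives feedback events. States are labelled secure or insecure, and the analysis enumerates STPA-style unsafe control actions (an action provided in a context where it leads to an insecure state; an action not provided, or provided too late, so that a feedback event moves the process into an insecure state) and the shortest event traces that reach each insecure state. The scenario, state names, events and transitions are assumptions constructed for illustration.

```python
"""STPA-style control-loop analysis of a small security scenario as an FSM.

Added example for this page; the scenario, states, events and transition
table are constructed assumptions, not from the paper or from STPA's authors.
"""
from collections import deque
from itertools import product

# --- Control structure, in STPA terms ----------------------------------------
# Controller:          a session/authorisation service.
# Controlled process:  a protected resource and the user's session with it.
# Control actions the controller can issue:
CONTROL_ACTIONS = {"grant", "revoke"}
# Feedback/environment events the controller observes but does not issue:
FEEDBACK_EVENTS = {"login_ok", "logout", "timeout"}

# Process states, each tagged secure or insecure. "Insecure" here is the STPA
# hazard: access exists without a valid authenticated session. Note that no
# component "fails" in any of these states; the hazard is a property of the
# control loop, not of a broken part.
STATES = {
    "logged_out":     "secure",
    "authenticated":  "secure",    # valid session, no access granted yet
    "active":         "secure",    # valid session with access granted
    "expired_active": "insecure",  # session timed out but access still granted
    "anon_active":    "insecure",  # access granted with no session at all
}

# Transition function: (state, event) -> next state. Unlisted pairs are no-ops.
# The table deliberately allows the controller to act wrongly; the analysis
# below is what finds those paths.
TRANSITIONS = {
    ("logged_out", "login_ok"):   "authenticated",
    ("logged_out", "grant"):      "anon_active",     # grant without auth
    ("authenticated", "grant"):   "active",
    ("authenticated", "logout"):  "logged_out",
    ("authenticated", "timeout"): "logged_out",
    ("active", "revoke"):         "authenticated",
    ("active", "logout"):         "logged_out",
    ("active", "timeout"):        "expired_active",  # revoke never issued
    ("expired_active", "revoke"): "logged_out",
    ("anon_active", "revoke"):    "logged_out",
}


def step(state, event):
    """Apply one event to a state; unknown pairs leave the state unchanged."""
    return TRANSITIONS.get((state, event), state)


def unsafe_control_actions():
    """Enumerate unsafe control actions (UCAs) detectable from the model.

    STPA's four UCA types are: (1) required action not provided, (2) action
    provided in a hazardous context, (3) provided too early/late/out of
    order, (4) applied too long or stopped too soon. This untimed model
    reports type 2 directly, and folds types 1 and 3 together: a feedback
    event takes a secure state to an insecure one, and some control action
    issued before that event would have kept the process secure.
    """
    ucas = []
    for state, action in product(STATES, sorted(CONTROL_ACTIONS)):
        if STATES[state] != "secure":
            continue                       # analyse departures from secure states
        nxt = step(state, action)
        if nxt != state and STATES[nxt] == "insecure":
            ucas.append(("provided", action, state, nxt))
    for state, event in product(STATES, sorted(FEEDBACK_EVENTS)):
        if STATES[state] != "secure":
            continue
        nxt = step(state, event)
        if nxt == state or STATES[nxt] != "insecure":
            continue
        for action in sorted(CONTROL_ACTIONS):
            pre = step(state, action)
            if pre != state and STATES[step(pre, event)] == "secure":
                ucas.append(("not_provided_or_too_late", action, state, nxt))
    return ucas


def loss_scenarios(start="logged_out"):
    """Shortest event trace from `start` to each reachable insecure state
    (a breadth-first search over the FSM; STPA calls these loss scenarios)."""
    events = sorted(CONTROL_ACTIONS | FEEDBACK_EVENTS)
    seen = {start: []}
    queue = deque([start])
    while queue:
        s = queue.popleft()
        for e in events:
            n = step(s, e)
            if n not in seen:
                seen[n] = seen[s] + [e]
                queue.append(n)
    return {s: t for s, t in seen.items() if STATES[s] == "insecure"}


if __name__ == "__main__":
    for uca in unsafe_control_actions():
        print("UCA:", uca)
    for state, trace in loss_scenarios().items():
        print("scenario ->", state, ":", " -> ".join(trace))
```

Running the block reports two unsafe control actions, `grant` provided while `logged_out` and `revoke` not provided before `timeout` while `active`, together with the traces `grant` and `login_ok -> grant -> timeout` that reach the two insecure states. Neither finding involves a component failing; both are control-loop properties, which is exactly the shift of viewpoint the list above describes. Adding a real timing model (type 4 UCAs) or a richer feedback channel is the natural next step.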
From the point of view of The SABSA Institute, these similarities mean there is a rich seam of safety knowledge and know-how to be mined for new aspects of analysis that can strengthen SABSA. The Institute will therefore be initiating a research project in the near future to investigate the possible advantages of adopting and/or aligning with some of the STPA thinking. Anyone with an interest in participating in this project should let us know by sending a message via www.sabsa.org/contact or by emailing firstname.lastname@example.org.