
When Safety and Security Co-Engineering Conflict: Doctoral Student Presents Technical Paper to Advance Cybersecurity Solutions

Chidi Agbo

Computing Ph.D. student Chidi Agbo came to Boise State University because of its high rankings as a doctoral research institution and its exceptional professors. After joining the Computing Ph.D. program in 2020, Agbo teamed up with Computer Science Associate Professor Hoda Mehrpouyan. In November 2022, that productive partnership gave Agbo the opportunity to publish and present a paper at the International Conference on System Reliability and Safety in Venice, Italy.

Originally from Ndieshi Nsulakpa Ezzangbo in Ohaukwu Local Government Area of Ebonyi State, Nigeria, Agbo began work on the publication “Conflict Analysis and Resolution of Safety and Security Boundary Conditions for Industrial Control Systems” soon after he started his Computing Ph.D. studies at Boise State University. First, he set to work on a problem that emerged from an extensive literature review: how to identify, analyze and resolve conflicting constraints during safety and security co-engineering. Agbo and Dr. Mehrpouyan then developed a new methodology known as the STPA-SafeSec-CDCL approach. This methodology combines two approaches–System Theoretic Process Analysis for Safety and Security (STPA-SafeSec) and Conflict Driven Clause Learning (CDCL)–into a single new approach. Finally, as a proof of concept, they applied the STPA-SafeSec-CDCL approach to the Eastman Chemical Plant model to demonstrate real-world applications in chemical plants and similar safety-critical systems. For Agbo, the most challenging and fascinating part of writing the paper was identifying conflicting safety and security constraints and converting them to Boolean satisfiability (SAT) problems solvable by their Python script.

Agbo is proud of his safety and security co-engineering research because, in doing so, he contributes to improving critical systems’ reliability, robustness, and resilience. Agbo is clear about the importance of this work: “First, it addresses the major challenges facing safety and security co-engineering where safety goals undermine security goals and vice versa. An attacker can exploit this issue to cause cyber sabotage if not resolved. Second, it eliminates safety and security issues at the early stages of system design and development by ensuring that safety goals enhance security goals and vice versa. Third, our approach gives equal prioritization to safety and security necessary to increase system reliability, robustness, and resilience.”

Agbo’s research emphasizes the need to address issues of safety and security simultaneously. As an example, he asks us to “consider a robot or an automatic door system (ADS) used in critical facilities such as airports, power grid, chemical, water or nuclear plants that detects metal objects and automatically denies the person access to the building. The security requirement for such a system is designed to ensure that the ADS shuts the door against anyone with metal objects. However, in the case of emergencies, such as fire outbreaks, the ADS will enforce safety requirements for evacuation purposes, thereby compromising security goals. In this case, enforcing or not enforcing safety/security requirements leads to hazards/threats.”
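The door-system conflict described above can be written as a small SAT problem. The following is an added example, not the script from the paper: the variable numbering, constraint names and the `solve` and `conflict_set` functions are assumptions made for illustration, and a plain DPLL search stands in for a CDCL solver. It detects the conflict and isolates the constraints involved; it does not attempt the resolution step.

```python
# Added illustration (constructed): the ADS scenario as CNF. Variable numbers
# and constraint names are assumptions, not taken from the paper.
METAL, FIRE, DOOR_OPEN = 1, 2, 3
CONSTRAINTS = {  # name -> CNF clauses; a negative integer is a negated variable
    "security: metal detected -> door stays shut": [[-METAL, -DOOR_OPEN]],
    "safety: fire emergency -> door opens": [[-FIRE, DOOR_OPEN]],
}

def solve(clauses, model=()):
    """Plain DPLL: return a satisfying tuple of literals, or None if UNSAT."""
    remaining = []
    for clause in clauses:
        if any(lit in model for lit in clause):
            continue                          # clause already satisfied
        open_lits = [lit for lit in clause if -lit not in model]
        if not open_lits:
            return None                       # every literal falsified
        remaining.append(open_lits)
    if not remaining:
        return tuple(model)
    # A unit clause forces its literal; otherwise branch on both polarities.
    unit = next((c[0] for c in remaining if len(c) == 1), None)
    first = remaining[0][0]
    for lit in ([unit] if unit is not None else [first, -first]):
        result = solve(remaining, tuple(model) + (lit,))
        if result is not None:
            return result
    return None

def conflict_set(constraints, scenario):
    """None if all constraints can hold in this scenario (a list of literals
    that are fixed true); otherwise a minimal list of clashing constraints."""
    def satisfiable(names):
        clauses = [[lit] for lit in scenario]
        for name in names:
            clauses += constraints[name]
        return solve(clauses) is not None
    core = list(constraints)
    if satisfiable(core):
        return None
    for name in list(core):                   # deletion-based minimisation
        trial = [n for n in core if n != name]
        if not satisfiable(trial):
            core = trial                      # still UNSAT without it: drop it
    return core

if __name__ == "__main__":
    print(conflict_set(CONSTRAINTS, [METAL]))        # no conflict
    print(conflict_set(CONSTRAINTS, [METAL, FIRE]))  # both constraints clash
```

Each requirement is satisfiable on its own; only the scenario in which metal is detected during a fire makes the combined formula unsatisfiable, which is the boundary condition a co-engineering analysis has to surface at design time.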

Agbo is deeply honored to have been invited to present this work. Presenting at an international conference had been a professional goal of his, and the entire experience left him feeling “happy and fulfilled.” Beyond his presentation, Agbo enjoyed meeting with other highly experienced researchers in the cybersecurity field–some with more than thirty years of experience–and was grateful for the opportunity to engage them in conversation about their research. Agbo said the experience helped him feel more confident about his skills and experiences in cybersecurity, and he is ready to apply his knowledge to provide cybersecurity solutions to mitigate cyberattacks threatening national security.

Now, Agbo is hard at work developing a new cybersecurity risk assessment approach using artificial intelligence tools. He calls it “another masterpiece”. His colleagues in the Computing Ph.D. program can’t wait to see where this new project takes him in the world.