Investigating safety and security interactions using the BDMP formalism : case study of a DDoS attack on Liberia

Safety and security issues are converging on many innovative and worldwide connected systems. As the risks are also evolving, it is important that safety and security interactions are identified and formally addressed, in order to reduce threats that can endanger critical systems. This paper performs a detailed case study analysis on an international cyberattack to assess the presence of interactions between safety and security. The interactions found are further characterized following well-known definitions and standards, followed by the modelling of the case study through the BDMP (Boolean logic Driven Markov Processes) formalism. BDMP represents a modelling formalism that enables the dynamic graphical representation of an attack process, which can also give insights into how a system can fail. The case study concerns a distributed denial-of-service attack (DDoS) against the main telecommunication company in Liberia, a small West African nation. The high complexity of the attack provided aid in identifying diverse interactions at different levels between safety and security, some of which lead to critical vulnerabilities that made possible the attack.