Secure-by-design through Integrated Security, Safety and Human Factors
Authors: Thron, E., Ki-Aries, D., Dogan, H., Freer, M., Faily, S.
Conference: Ergonomics & Human Factors 2026
Dates: 27/04/2026
Publication Date: 07/05/2026
Abstract:Cyber-attacks increasingly threaten critical infrastructure, where interactions between security, safety, and human-system behaviour create complex socio-technical risks. If not managed early, these interactions can produce latent vulnerabilities and unsafe operational states.
This paper presents a Minimum Viable Product (MVP), developed by Bournemouth University and Mima and funded by the Defence Science and Technology Laboratory (Dstl), to operationalise Secure-by-Design through integrated Human Factors (HF), safety, and cybersecurity analysis. The MVP combines System-Theoretic Process Analysis (STPA) with Hierarchical Task Analysis (HTA), Cognitive Task Analysis (CTA), Performance Shaping Factors (PSFs), and Human Attributes analysis to generate a structured and traceable User Requirements Document (URD) from a Defence specification exemplar.
Results demonstrate that integrating HF, safety, and cybersecurity during early capability definition enables identification of cross-domain risks and supports derivation of coherent, traceable Secure-by-Design requirements for cyber-physical systems.
https://eprints.bournemouth.ac.uk/41992/
Source: Manual