Resolving Conflicts Between PSIRT and Safety Teams: A Collaborative Approach
Open Access
Article
Conference Proceedings
Authors: Jumpei Tahara, Kenji Watanabe, Ichiro Koshijima, Ryushun Oka
Abstract: The need to meet safety and security simultaneously is increasing in industrial control systems (ICS) and industrial robots, where network connectivity is rapidly expanding. However, the "safety first" culture that has taken root in many companies has put security requirements on the back burner, and the two domains are structurally prone to conflict. In this study, the authors elucidate the conflict factors in the safety and security life cycle and propose a new collaborative framework based on the knowledge creation theory (SECI model, Ba, knowledge assets) of Nonaka et al. We conducted semi-structured interviews with, and qualitative analysis of, five Japanese industrial product suppliers. In the interviews, we highlighted potential and actual conflicts between the product safety and security teams (e.g., PSIRT: Product Security Incident Response Team). In this paper, we propose a resolution model for conflicts that deals with cultural and cognitive gaps among experts from the perspective of human factors. We hope this model improves risk management in various industries subject to cybersecurity laws and regulations, such as the EU Cyber Resilience Act, as regulation tightens worldwide.
Keywords: Industrial Cybersecurity, Safety and Security Integration, PSIRT, EU Cyber Resilience Act, Cross-functional Collaboration
DOI: 10.54941/ahfe1006144