A Human Factors-Cyber-Safety Framework for Risk and Requirements in Critical Infrastructure

Open Access
Article
Conference Proceedings
Authors: Eylem Thron, Duncan Ki-Aries, Martin Freer, Huseyin Dogan, Shamal Faily
Abstract

Cyber-attacks on critical infrastructure are increasing in scale and sophistication, yet cybersecurity practice remains dominated by technology-centric assessments that insufficiently represent human contributions to risk. In cyber-physical systems (CPS), non-malicious human actions (including slips, mistakes, workarounds, training gaps, and misaligned procedures) frequently create, amplify or fail to detect vulnerabilities. This paper presents an integrated socio-technical framework that combines Human Factors (HF) methods, safety analysis, and cybersecurity modelling within a Secure-by-Design approach. The framework models how human performance variability influences cyber vulnerability and safety outcomes, enabling structured, scenario-based risk assessment and the derivation of traceable engineering requirements. An illustrative application demonstrates how HF findings are translated into human error mechanisms, cyber effects, unsafe control actions, safety impacts, and prioritised Secure-by-Design controls. By operationalising HF methods as cybersecurity engineering tools, the approach reframes cybersecurity as a socio-technical reliability problem comparable to safety engineering.

Keywords: Human Factors, Cybersecurity, Safety-critical Systems, Critical Infrastructure, Risk Modelling, Secure-by-design

DOI: 10.54941/ahfe1007407
