2026
Conference Paper
Title
Using Attack and Failure Propagation Analysis for Context-Aware Security Control Suggestions
Abstract
Cybersecurity is becoming increasingly important, especially in safety-critical domains, where cyber attacks can pose significant safety risks. In response, standards and laws such as the Cyber Resilience Act (CRA) require product teams to conduct comprehensive assessments of cybersecurity threats and implement appropriate security controls throughout the product lifecycle. Despite the availability of structured catalogs for requirements and mitigations, there is currently no automated method for integrating threat analysis results with these catalogs or for determining optimal control deployment strategies. Furthermore, addressing threats in isolation often results in long and redundant lists of potential controls, which increases development costs and complexity. To bridge this gap, we propose a semi-automated, model-based approach to suggest security controls. Our approach utilizes Security-enhanced Component Fault Trees (SeCFT) to analyze attack and failure propagation and employs a structured catalog to generate context-specific control recommendations along with appropriate deployment locations. This approach helps engineers efficiently select a coherent set of controls, enabling them to build a robust, multi-layered defense. We validated our approach through a proof-of-concept implementation in a real-world case study.
Author(s)