diff --git a/data/json/decision_points/human_impact_2_0_1.json b/data/json/decision_points/human_impact_2_0_1.json new file mode 100644 index 00000000..6c83e47e --- /dev/null +++ b/data/json/decision_points/human_impact_2_0_1.json @@ -0,0 +1,29 @@ +{ + "namespace": "ssvc", + "version": "2.0.1", + "key": "HI", + "name": "Human Impact", + "description": "Human Impact is a combination of Safety and Mission impacts.", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" + }, + { + "key": "M", + "name": "Medium", + "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" + }, + { + "key": "H", + "name": "High", + "description": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + }, + { + "key": "VH", + "name": "Very High", + "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + } + ] +} \ No newline at end of file diff --git a/data/json/decision_points/mission_and_well-being_impact_1_0_0.json b/data/json/decision_points/mission_and_well-being_impact_1_0_0.json index e43930d3..9751bded 100644 --- a/data/json/decision_points/mission_and_well-being_impact_1_0_0.json +++ b/data/json/decision_points/mission_and_well-being_impact_1_0_0.json @@ -8,17 +8,17 @@ { "key": "L", "name": "Low", - "description": "Mission Prevalence Minimal and Public Well-Being Impact Minimal" + "description": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" }, { "key": "M", "name": "Medium", - "description": "Mission Prevalence Support and Public Well-Being Impact Minimal or Material" + "description": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" }, { "key": "H", "name": "High", - "description": "Mission Prevalence Essential or Public Well-Being Impact Irreversible" + "description": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" } ] } \ No newline at end of file diff --git a/data/json/decision_points/public_safety_impact_2_0_1.json b/data/json/decision_points/public_safety_impact_2_0_1.json new file mode 100644 index 00000000..b993b033 --- /dev/null +++ b/data/json/decision_points/public_safety_impact_2_0_1.json @@ -0,0 +1,19 @@ +{ + "namespace": "ssvc", + "version": "2.0.1", + "key": "PSI", + "name": "Public Safety Impact", + "description": "A coarse-grained representation of impact to public safety.", + "values": [ + { + "key": "M", + "name": "Minimal", + "description": "Safety Impact:Negligible" + }, + { + "key": "S", + "name": "Significant", + "description": "Safety Impact:(Marginal OR Critical OR Catastrophic)" + } + ] +} \ No newline at end of file diff --git a/data/json/decision_points/public_well-being_impact_1_0_0.json b/data/json/decision_points/public_well-being_impact_1_0_0.json index 59ba9b34..7e6556f4 100644 --- a/data/json/decision_points/public_well-being_impact_1_0_0.json +++ b/data/json/decision_points/public_well-being_impact_1_0_0.json @@ -13,12 +13,12 @@ { "key": "M", "name": "Material", - "description": "(Any one or more of these conditions hold.) \n\n*Physical harm*: Does one or more of the following:\n\n- Causes physical distress or injury to system users.\n- Introduces occupational safety hazards.\n- Reduces and/or results in failure of cyber-physical system safety margins.\n\n*Environment*: Major externalities (property damage, environmental damage, etc.) are\nimposed on other parties. \n\n*Financial*: Financial losses likely lead to bankruptcy of multiple persons. \n \n*Psychological*: Widespread emotional or psychological harm, sufficient to necessitate\ncounseling or therapy, impact populations of people. \n" + "description": "Any one or more of these conditions hold. Physical harm: Does one or more of the following: (a) Causes physical distress or injury to system users. (b) Introduces occupational safety hazards. (c) Reduces and/or results in failure of cyber-physical system safety margins. Environment: Major externalities (property damage, environmental damage, etc.) are imposed on other parties. Financial: Financial losses likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to necessitate counseling or therapy, impact populations of people. " }, { "key": "I", "name": "Irreversible", - "description": "(Any one or more of these conditions hold.)\n \n*Physical harm*: One or both of the following are true:\n\n- Multiple fatalities are likely.\n- The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed.\n\n*Environment*: Extreme or serious externalities (immediate public health threat, environmental damage leading to small\necosystem collapse, etc.) are imposed on other parties.\n\n*Financial*: Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially\ncollapse.\n\n*Psychological*: N/A \n" + "description": "Any one or more of these conditions hold. Physical harm: One or both of the following are true: (a) Multiple fatalities are likely.(b) The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed. Environment: Extreme or serious externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) are imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially collapse. Psychological: N/A " } ] } \ No newline at end of file diff --git a/data/json/decision_points/safety_impact_2_0_0.json b/data/json/decision_points/safety_impact_2_0_0.json new file mode 100644 index 00000000..f2e86410 --- /dev/null +++ b/data/json/decision_points/safety_impact_2_0_0.json @@ -0,0 +1,29 @@ +{ + "namespace": "ssvc", + "version": "2.0.0", + "key": "SI", + "name": "Safety Impact", + "description": "The safety impact of the vulnerability. (based on IEC 61508)", + "values": [ + { + "key": "N", + "name": "Negligible", + "description": "Any one or more of these conditions hold. Physical harm: Minor injuries at worst (IEC 61508 Negligible). Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + }, + { + "key": "M", + "name": "Marginal", + "description": "Any one or more of these conditions hold. Physical harm: Major injuries to one or more persons (IEC 61508 Marginal). Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation. Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties. Financial: Financial losses that likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + }, + { + "key": "R", + "name": "Critical", + "description": "Any one or more of these conditions hold. Physical harm: Loss of life (IEC 61508 Critical). Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. System resiliency: Parts of the cyber-physical system break; system\u2019s ability to recover lost functionality remains intact. Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties. Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state. Psychological: N/A." + }, + { + "key": "C", + "name": "Catastrophic", + "description": "Any one or more of these conditions hold. Physical harm: Multiple loss of life (IEC 61508 Catastrophic). Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). System resiliency: Total loss of whole cyber-physical system, of which the software is a part. Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software collapse. Psychological: N/A." + } + ] +} \ No newline at end of file diff --git a/docs/_generated/decision_points/human_impact.md b/docs/_generated/decision_points/human_impact.md index 14599ffa..22faf37a 120000 --- a/docs/_generated/decision_points/human_impact.md +++ b/docs/_generated/decision_points/human_impact.md @@ -1 +1 @@ -human_impact_2_0_0.md \ No newline at end of file +human_impact_2_0_1.md \ No newline at end of file diff --git a/docs/_generated/decision_points/human_impact_2_0_1.md b/docs/_generated/decision_points/human_impact_2_0_1.md new file mode 100644 index 00000000..d5bf8ac8 --- /dev/null +++ b/docs/_generated/decision_points/human_impact_2_0_1.md @@ -0,0 +1,19 @@ + +!!! note "Human Impact v2.0.1" + + === "Text" + + Human Impact is a combination of Safety and Mission impacts. + + | Value | Definition | + |:-----|:-----------| + | Low | Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled) | + | Medium | (Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled)) | + | High | (Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure) | + | Very High | Safety Impact:Catastrophic OR Mission Impact:Mission Failure | + + === "JSON" + + ```json + {% include "../../../data/json/decision_points/human_impact_2_0_1.json" %} + ``` diff --git a/docs/_generated/decision_points/mission_and_well-being_impact_1_0_0.md b/docs/_generated/decision_points/mission_and_well-being_impact_1_0_0.md index cb4071a5..bfc26462 100644 --- a/docs/_generated/decision_points/mission_and_well-being_impact_1_0_0.md +++ b/docs/_generated/decision_points/mission_and_well-being_impact_1_0_0.md @@ -7,9 +7,9 @@ | Value | Definition | |:-----|:-----------| - | Low | Mission Prevalence Minimal and Public Well-Being Impact Minimal | - | Medium | Mission Prevalence Support and Public Well-Being Impact Minimal or Material | - | High | Mission Prevalence Essential or Public Well-Being Impact Irreversible | + | Low | Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal | + | Medium | Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material) | + | High | Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible) | === "JSON" diff --git a/docs/_generated/decision_points/public_safety_impact.md b/docs/_generated/decision_points/public_safety_impact.md index e317aee9..d2071e3b 120000 --- a/docs/_generated/decision_points/public_safety_impact.md +++ b/docs/_generated/decision_points/public_safety_impact.md @@ -1 +1 @@ -public_safety_impact_2_0_0.md \ No newline at end of file +public_safety_impact_2_0_1.md \ No newline at end of file diff --git a/docs/_generated/decision_points/public_safety_impact_2_0_1.md b/docs/_generated/decision_points/public_safety_impact_2_0_1.md new file mode 100644 index 00000000..45546a2e --- /dev/null +++ b/docs/_generated/decision_points/public_safety_impact_2_0_1.md @@ -0,0 +1,17 @@ + +!!! note "Public Safety Impact v2.0.1" + + === "Text" + + A coarse-grained representation of impact to public safety. + + | Value | Definition | + |:-----|:-----------| + | Minimal | Safety Impact:Negligible | + | Significant | Safety Impact:(Marginal OR Critical OR Catastrophic) | + + === "JSON" + + ```json + {% include "../../../data/json/decision_points/public_safety_impact_2_0_1.json" %} + ``` diff --git a/docs/_generated/decision_points/public_well-being_impact_1_0_0.md b/docs/_generated/decision_points/public_well-being_impact_1_0_0.md index 43e6d976..e3802f4c 100644 --- a/docs/_generated/decision_points/public_well-being_impact_1_0_0.md +++ b/docs/_generated/decision_points/public_well-being_impact_1_0_0.md @@ -8,37 +8,8 @@ | Value | Definition | |:-----|:-----------| | Minimal | The effect is below the threshold for all aspects described in material. | - | Material | (Any one or more of these conditions hold.) - -*Physical harm*: Does one or more of the following: - -- Causes physical distress or injury to system users. -- Introduces occupational safety hazards. -- Reduces and/or results in failure of cyber-physical system safety margins. - -*Environment*: Major externalities (property damage, environmental damage, etc.) are -imposed on other parties. - -*Financial*: Financial losses likely lead to bankruptcy of multiple persons. - -*Psychological*: Widespread emotional or psychological harm, sufficient to necessitate -counseling or therapy, impact populations of people. - | - | Irreversible | (Any one or more of these conditions hold.) - -*Physical harm*: One or both of the following are true: - -- Multiple fatalities are likely. -- The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed. - -*Environment*: Extreme or serious externalities (immediate public health threat, environmental damage leading to small -ecosystem collapse, etc.) are imposed on other parties. - -*Financial*: Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially -collapse. - -*Psychological*: N/A - | + | Material | Any one or more of these conditions hold. Physical harm: Does one or more of the following: (a) Causes physical distress or injury to system users. (b) Introduces occupational safety hazards. (c) Reduces and/or results in failure of cyber-physical system safety margins. Environment: Major externalities (property damage, environmental damage, etc.) are imposed on other parties. Financial: Financial losses likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to necessitate counseling or therapy, impact populations of people. | + | Irreversible | Any one or more of these conditions hold. Physical harm: One or both of the following are true: (a) Multiple fatalities are likely.(b) The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed. Environment: Extreme or serious externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) are imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially collapse. Psychological: N/A | === "JSON" diff --git a/docs/_generated/decision_points/safety_impact.md b/docs/_generated/decision_points/safety_impact.md index 55eace7f..e3cfa4d7 120000 --- a/docs/_generated/decision_points/safety_impact.md +++ b/docs/_generated/decision_points/safety_impact.md @@ -1 +1 @@ -safety_impact_1_0_0.md \ No newline at end of file +safety_impact_2_0_0.md \ No newline at end of file diff --git a/docs/_generated/decision_points/safety_impact_2_0_0.md b/docs/_generated/decision_points/safety_impact_2_0_0.md new file mode 100644 index 00000000..c8a2c2bf --- /dev/null +++ b/docs/_generated/decision_points/safety_impact_2_0_0.md @@ -0,0 +1,19 @@ + +!!! note "Safety Impact v2.0.0" + + === "Text" + + The safety impact of the vulnerability. (based on IEC 61508) + + | Value | Definition | + |:-----|:-----------| + | Negligible | Any one or more of these conditions hold. Physical harm: Minor injuries at worst (IEC 61508 Negligible). Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons. | + | Marginal | Any one or more of these conditions hold. Physical harm: Major injuries to one or more persons (IEC 61508 Marginal). Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation. Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties. Financial: Financial losses that likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people. | + | Critical | Any one or more of these conditions hold. Physical harm: Loss of life (IEC 61508 Critical). Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. System resiliency: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact. Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties. Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state. Psychological: N/A. | + | Catastrophic | Any one or more of these conditions hold. Physical harm: Multiple loss of life (IEC 61508 Catastrophic). Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). System resiliency: Total loss of whole cyber-physical system, of which the software is a part. Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software collapse. Psychological: N/A. | + + === "JSON" + + ```json + {% include "../../../data/json/decision_points/safety_impact_2_0_0.json" %} + ``` diff --git a/docs/reference/decision_points/human_impact.md b/docs/reference/decision_points/human_impact.md index 617d91d5..911c8244 100644 --- a/docs/reference/decision_points/human_impact.md +++ b/docs/reference/decision_points/human_impact.md @@ -24,7 +24,7 @@ Even small deviations in safety are unlikely to go unnoticed or unaddressed. We suspect that the presence of regulatory oversight for safety issues and its absence at the lower end of the mission impact scale influences this behavior. Because of this higher sensitivity to safety concerns, we chose to retain a four-level resolution for the safety dimension. We then combine Mission Impact with Situated Safety impact and map them onto a 4-tiered scale (Low, Medium, High, Very High). -The mapping is shown in the following table. +The mapping is shown in the table above. ## Safety and Mission Impact Decision Points for Industry Sectors @@ -38,3 +38,8 @@ For considerations on how organizations might communicate SSVC information to th see [Guidance on Communicating Results](../../../howto/communicating_results.md). +## Prior Versions + +{% include-markdown "../../_generated/decision_points/human_impact_2_0_0.md" %} + +{% include-markdown "../../_generated/decision_points/mission_and_well-being_impact_1_0_0.md" %} diff --git a/docs/reference/decision_points/public_safety_impact.md b/docs/reference/decision_points/public_safety_impact.md index f1b7d94b..1da132b5 100644 --- a/docs/reference/decision_points/public_safety_impact.md +++ b/docs/reference/decision_points/public_safety_impact.md @@ -11,7 +11,12 @@ This is a compound decision point, therefore it is a notational convenience. Suppliers necessarily have a rather coarse-grained perspective on the broadly defined [Safety Impact](../safety_impact.md) Decision Point. Therefore we simplify the above into a binary categorization: -- _Significant_ is when any impact meets the criteria for an impact of Major, Hazardous, or Catastrophic in the +- _Significant_ is when any impact meets the criteria for an impact of Marginal, Critical, or Catastrophic in the [Safety Impact](../safety_impact.md) table. - _Minimal_ is when none do. +## Prior Versions + +{% include-markdown "../../_generated/decision_points/public_safety_impact_2_0_0.md" %} + +{% include-markdown "../../_generated/decision_points/public_well-being_impact_1_0_0.md" %} diff --git a/docs/reference/decision_points/safety_impact.md b/docs/reference/decision_points/safety_impact.md index 92ed06a5..ccc4c5c7 100644 --- a/docs/reference/decision_points/safety_impact.md +++ b/docs/reference/decision_points/safety_impact.md @@ -211,3 +211,8 @@ resiliency Deployers are anticipated to have a more fine-grained perspective on the safety impacts broadly defined in [Safety Impact](#table-safety-impact). We defer this topic for now because we combine it with [*Mission Impact*](#mission-impact) to simplify implementation for deployers. + +## Prior Versions + +{% include-markdown "../../_generated/decision_points/safety_impact_1_0_0.md" %} + diff --git a/src/ssvc/decision_points/human_impact.py b/src/ssvc/decision_points/human_impact.py index b60faa61..bc3c48ad 100644 --- a/src/ssvc/decision_points/human_impact.py +++ b/src/ssvc/decision_points/human_impact.py @@ -1,4 +1,7 @@ #!/usr/bin/env python +""" +Provides the Human Impact decision point and its values. +""" # Copyright (c) 2023-2024 Carnegie Mellon University and Contributors. # - see Contributors.md for a full list of Contributors # - see ContributionInstructions.md for information on how you can Contribute to this project @@ -21,23 +24,42 @@ description="Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal", ) +LOW_2 = SsvcDecisionPointValue( + name="Low", + key="L", + description="Safety Impact:(None OR Minor) AND Mission Impact:(None OR Degraded OR Crippled)", +) + +LOW_3 = SsvcDecisionPointValue( + name="Low", + key="L", + description="Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)", +) + MEDIUM_1 = SsvcDecisionPointValue( name="Medium", key="M", description="Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)", ) +MEDIUM_2 = SsvcDecisionPointValue( + name="Medium", + key="M", + description="(Safety Impact:(None OR Minor) AND Mission Impact:MEF Failure) OR (Safety Impact:Major AND Mission Impact:(None OR Degraded OR Crippled))", +) + +MEDIUM_3 = SsvcDecisionPointValue( + name="Medium", + key="M", + description="(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))", +) + HIGH_1 = SsvcDecisionPointValue( name="High", key="H", description="Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)", ) -VERY_HIGH_1 = SsvcDecisionPointValue( - name="Very High", - key="VH", - description="Safety Impact:Catastrophic OR Mission Impact:Mission Failure", -) HIGH_2 = SsvcDecisionPointValue( name="High", @@ -45,16 +67,16 @@ description="(Safety Impact:Hazardous AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Major AND Mission Impact:MEF Failure)", ) -MEDIUM_2 = SsvcDecisionPointValue( - name="Medium", - key="M", - description="(Safety Impact:(None OR Minor) AND Mission Impact:MEF Failure) OR (Safety Impact:Major AND Mission Impact:(None OR Degraded OR Crippled))", +HIGH_3 = SsvcDecisionPointValue( + name="High", + key="H", + description="(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)", ) -LOW_2 = SsvcDecisionPointValue( - name="Low", - key="L", - description="Safety Impact:(None OR Minor) AND Mission Impact:(None OR Degraded OR Crippled)", +VERY_HIGH_1 = SsvcDecisionPointValue( + name="Very High", + key="VH", + description="Safety Impact:Catastrophic OR Mission Impact:Mission Failure", ) @@ -70,6 +92,7 @@ ), ) + HUMAN_IMPACT_2 = SsvcDecisionPoint( name="Human Impact", description="Human Impact is a combination of Safety and Mission impacts.", @@ -83,9 +106,22 @@ ), ) +HUMAN_IMPACT_2_0_1 = SsvcDecisionPoint( + name="Human Impact", + description="Human Impact is a combination of Safety and Mission impacts.", + key="HI", + version="2.0.1", + values=( + LOW_3, + MEDIUM_3, + HIGH_3, + VERY_HIGH_1, + ), +) + def main(): - versions = (MISSION_AND_WELL_BEING_IMPACT_1, HUMAN_IMPACT_2) + versions = (MISSION_AND_WELL_BEING_IMPACT_1, HUMAN_IMPACT_2, HUMAN_IMPACT_2_0_1) print_versions_and_diffs(versions) diff --git a/src/ssvc/decision_points/public_safety_impact.py b/src/ssvc/decision_points/public_safety_impact.py index 4b383105..cb857797 100644 --- a/src/ssvc/decision_points/public_safety_impact.py +++ b/src/ssvc/decision_points/public_safety_impact.py @@ -1,4 +1,7 @@ #!/usr/bin/env python +""" +Provides the Public Safety Impact decision point and its values. +""" # Copyright (c) 2024 Carnegie Mellon University and Contributors. # - see Contributors.md for a full list of Contributors @@ -24,42 +27,29 @@ MATERIAL = SsvcDecisionPointValue( name="Material", - description="""(Any one or more of these conditions hold.) - -*Physical harm*: Does one or more of the following: - -- Causes physical distress or injury to system users. -- Introduces occupational safety hazards. -- Reduces and/or results in failure of cyber-physical system safety margins. - -*Environment*: Major externalities (property damage, environmental damage, etc.) are -imposed on other parties. - -*Financial*: Financial losses likely lead to bankruptcy of multiple persons. - -*Psychological*: Widespread emotional or psychological harm, sufficient to necessitate -counseling or therapy, impact populations of people. -""", + description="Any one or more of these conditions hold. " + "Physical harm: Does one or more of the following: " + "(a) Causes physical distress or injury to system users. " + "(b) Introduces occupational safety hazards. " + "(c) Reduces and/or results in failure of cyber-physical system safety margins. " + "Environment: Major externalities (property damage, environmental damage, etc.) are " + "imposed on other parties. " + "Financial: Financial losses likely lead to bankruptcy of multiple persons. " + "Psychological: Widespread emotional or psychological harm, sufficient to necessitate " + "counseling or therapy, impact populations of people. ", key="M", ) IRREVERSIBLE = SsvcDecisionPointValue( name="Irreversible", - description="""(Any one or more of these conditions hold.) - -*Physical harm*: One or both of the following are true: - -- Multiple fatalities are likely. -- The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed. - -*Environment*: Extreme or serious externalities (immediate public health threat, environmental damage leading to small -ecosystem collapse, etc.) are imposed on other parties. - -*Financial*: Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially -collapse. - -*Psychological*: N/A -""", + description="Any one or more of these conditions hold. " + "Physical harm: One or both of the following are true: (a) Multiple fatalities are likely." + "(b) The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed. " + " Environment: Extreme or serious externalities (immediate public health threat, environmental damage leading to small " + " ecosystem collapse, etc.) are imposed on other parties. " + " Financial: Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially " + "collapse. " + " Psychological: N/A ", key="I", ) @@ -73,6 +63,17 @@ name="Minimal", description="Safety Impact:(None OR Minor)", key="M" ) +SIGNIFICANT_1 = SsvcDecisionPointValue( + name="Significant", + description="Safety Impact:(Marginal OR Critical OR Catastrophic)", + key="S", +) + +MINIMAL_3 = SsvcDecisionPointValue( + name="Minimal", description="Safety Impact:Negligible", key="M" +) + + PUBLIC_WELL_BEING_IMPACT_1 = SsvcDecisionPoint( name="Public Well-Being Impact", description="A coarse-grained representation of impact to public well-being.", @@ -96,14 +97,25 @@ ), ) +PUBLIC_SAFETY_IMPACT_2_0_1 = SsvcDecisionPoint( + name="Public Safety Impact", + description="A coarse-grained representation of impact to public safety.", + key="PSI", + version="2.0.1", + values=( + MINIMAL_3, + SIGNIFICANT_1, + ), +) + def main(): - print_versions_and_diffs( - [ - PUBLIC_WELL_BEING_IMPACT_1, - PUBLIC_SAFETY_IMPACT_2, - ] + versions = ( + PUBLIC_WELL_BEING_IMPACT_1, + PUBLIC_SAFETY_IMPACT_2, + PUBLIC_SAFETY_IMPACT_2_0_1, ) + print_versions_and_diffs(versions) if __name__ == "__main__": diff --git a/src/ssvc/decision_points/safety_impact.py b/src/ssvc/decision_points/safety_impact.py index 1b633f02..b33b3ca6 100644 --- a/src/ssvc/decision_points/safety_impact.py +++ b/src/ssvc/decision_points/safety_impact.py @@ -1,11 +1,23 @@ #!/usr/bin/env python """ -file: safety_impact -author: adh -created_at: 9/21/23 10:05 AM +Provides the Safety Impact decision point and its values. """ +# Copyright (c) 2024 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University + from ssvc.decision_points.base import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.helpers import print_versions_and_diffs CATASTROPHIC = SsvcDecisionPointValue( name="Catastrophic", @@ -63,6 +75,60 @@ description="The effect is below the threshold for all aspects described in Minor.", ) +## Based on the IEC 61508 standard +## Catastrophic, Critical, Marginal, Negligible + +CATASTROPHIC_2 = SsvcDecisionPointValue( + name="Catastrophic", + key="C", + description="Any one or more of these conditions hold. " + "Physical harm: Multiple loss of life (IEC 61508 Catastrophic). " + "Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). " + "System resiliency: Total loss of whole cyber-physical system, of which the software is a part. " + "Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties. " + "Financial: Social systems (elections, financial grid, etc.) supported by the software collapse. " + "Psychological: N/A.", +) + +CRITICAL = SsvcDecisionPointValue( + name="Critical", + key="R", + description="Any one or more of these conditions hold. " + "Physical harm: Loss of life (IEC 61508 Critical). " + "Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. " + "System resiliency: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact. " + "Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties. " + "Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state. " + "Psychological: N/A.", +) + +MARGINAL = SsvcDecisionPointValue( + name="Marginal", + key="M", + description="Any one or more of these conditions hold. " + "Physical harm: Major injuries to one or more persons (IEC 61508 Marginal). " + "Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the " + "vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. " + "System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation. " + "Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties. " + "Financial: Financial losses that likely lead to bankruptcy of multiple persons. " + "Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people.", +) + +NEGLIGIBLE = SsvcDecisionPointValue( + name="Negligible", + key="N", + description="Any one or more of these conditions hold. " + "Physical harm: Minor injuries at worst (IEC 61508 Negligible). " + "Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the " + "vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. " + "System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. " + "Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. " + "Financial Financial losses, which are not readily absorbable, to multiple persons. " + "Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons.", +) + + SAFETY_IMPACT_1 = SsvcDecisionPoint( name="Safety Impact", description="The safety impact of the vulnerability.", @@ -78,8 +144,24 @@ ) +SAFETY_IMPACT_2 = SsvcDecisionPoint( + name="Safety Impact", + description="The safety impact of the vulnerability. (based on IEC 61508)", + key="SI", + version="2.0.0", + values=( + NEGLIGIBLE, + MARGINAL, + CRITICAL, + CATASTROPHIC_2, + ), +) + + def main(): - print(SAFETY_IMPACT_1.to_json(indent=2)) + versions = (SAFETY_IMPACT_1, SAFETY_IMPACT_2) + + print_versions_and_diffs(versions) if __name__ == "__main__":