The SEMA referential framework: Avoiding ambiguities in the terms “security” and “safety”

The meaning of the terms “security” and “safety” varies considerably from one context to another, leading to potential ambiguities. These ambiguities are very problematic in the critical infrastructure protection domain, which involves multiple actors and engineering disciplines. Avoiding misunderstandings caused by the ambiguities during the early stages of system design and risk assessment can save time and resources; it also helps ensure a more consistent and complete risk coverage. Based on a review of the existing definitions of security and safety, this paper identifies the main distinctions between the two notions. It proposes a referential framework called SEMA, which makes the latent differences underlying the use of the terms security and safety explicit. Three sectors are examined as use cases: The power grid, nuclear power generation, and telecommunications and data networks. Mapping the different sector definitions of security and safety in the SEMA framework makes their respective meanings explicit and reveals inconsistencies and overlaps.