On the use of non-coherent fault trees in safety and security studies

This paper gives some insights on the usefulness of non-coherent fault trees in system modelling from both the point of view of safety and security.A safety-related system can evolve from the working states to failed states through degraded states, i.e. working state, but in a degraded mode. In practical applications the degraded states may be of particular interest due e.g. to the associated risk increase or the different types of consequent actions. The top events definitions of such states contain the working conditions of some sub-systems/components. How the use of non-coherent fault trees can greatly simplify both the modelling and quantification of these states is shown in this paper. Some considerations about the interpretation of the importance indexes of negated basic events are also briefly described.When dealing with security applications, there is a need to cope not only with stochastic events, such as component failures and human errors, but also with deliberate intentional actions, whose successes might be characterised by high probability values. Different mutually exclusive attack scenarios may be envisaged for a given system. Hence, the essential feature of a fault tree analyser is the capability to determine the exact value of the top event probability containing mutually exclusive events. It is also shown that in these cases the use of non-coherent fault trees allows solving the problem with limited effort.