Cyber-physical systems, such as self-driving cars or digitized electrical grids, often involve complex interactions between security, safety, and defense. Proper risk management strategies must account for these three critical domains and their interaction, because a failure to address one domain can exacerbate risks in the others, leading to cascading effects that compromise overall system resilience. This work presents a case study from Ascentio Technologies, a mission-critical system company in Argentina specializing in aerospace, where the interplay between safety, security, and defenses is critical for ensuring the resilience and reliability of their systems. The main focus will be on the Ground Segment of the satellite project currently being developed by the company. Analyzing safety, security, and defense mechanisms together in the Ground Segment of a satellite project is crucial because these domains are deeply interconnected: for instance, a security breach could disable critical safety functions, or a safety failure could create opportunities for attackers to exploit vulnerabilities, amplifying the risks to the entire system. This paper showcases the application of the Attack-Fault-Defense Tree (AFDT) framework, which integrates attack trees, fault trees, and defense mechanisms into a unified model. AFDT provides an intuitive visual language that facilitates interdisciplinary collaboration, enabling experts from various fields to better assess system vulnerabilities and defenses. By applying AFDT to the Ground Segment of the satellite project, we demonstrate how qualitative analyses can be performed to identify weaknesses and enhance the overall system's security and safety. This case highlights the importance of jointly analyzing attacks, faults, and defenses to improve resilience in complex cyber-physical environments.
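To make the kind of qualitative analysis the abstract refers to concrete, the following is an added example in Python; it is not code from the paper or from Ascentio Technologies. It builds a small tree in the AFDT spirit, with AND/OR gates over basic events tagged as attacker steps or component faults, plus defenses that each counter one basic event, and computes the minimal cut sets (the smallest combinations of basic events that cause the top event) before and after defenses are deployed. Two simplifications are assumptions of this example rather than the paper's formal semantics: a deployed defense is taken to fully neutralise the event it counters, and the tree, event names and defenses are constructed for illustration only and say nothing about the real Ground Segment.

```python
"""Toy attack-fault-defense tree with minimal cut set analysis (illustrative only)."""
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Basic:
    """A basic event: an attacker step ("attack") or a component failure ("fault")."""
    name: str
    kind: str


@dataclass
class Gate:
    """AND/OR gate whose children are basic events or further gates."""
    name: str
    op: str          # "AND" or "OR"
    children: list


@dataclass(frozen=True)
class Defense:
    """A defense that, when deployed, neutralises one basic event (simplifying assumption)."""
    name: str
    counters: str    # name of the basic event it blocks


def _minimize(sets):
    """Drop any cut set that is a strict superset of another (keeps only minimal ones)."""
    return {s for s in sets if not any(o < s for o in sets)}


def cut_sets(node, neutralised=frozenset()):
    """Minimal cut sets of `node` as a set of frozensets of event names.
    Events in `neutralised` are treated as impossible."""
    if isinstance(node, Basic):
        return set() if node.name in neutralised else {frozenset([node.name])}
    child_sets = [cut_sets(c, neutralised) for c in node.children]
    if node.op == "OR":
        return _minimize(set().union(*child_sets))
    if node.op == "AND":
        if any(not cs for cs in child_sets):
            return set()  # an AND gate with an impossible input can never fire
        return _minimize({frozenset().union(*combo) for combo in product(*child_sets)})
    raise ValueError(f"unknown gate type {node.op!r}")


def leaf_kinds(node):
    """Map every basic event name in the tree to its kind ("attack" or "fault")."""
    if isinstance(node, Basic):
        return {node.name: node.kind}
    kinds = {}
    for child in node.children:
        kinds.update(leaf_kinds(child))
    return kinds


def classify(cut, kinds):
    """Label a cut set as "attack", "fault", or "mixed" (attack and fault events together)."""
    present = {kinds[event] for event in cut}
    return "mixed" if len(present) > 1 else next(iter(present))


# Constructed example tree (not the paper's model). The third branch shows the
# cross-domain case the abstract describes: a safety function failing to act
# because an attacker disabled the alerting that would have triggered it.
TOP = Gate("Loss of satellite commanding", "OR", [
    Gate("Uplink chain unavailable", "AND", [
        Basic("Primary antenna drive failure", "fault"),
        Basic("Backup antenna drive failure", "fault"),
    ]),
    Gate("Operator workstation taken over", "AND", [
        Basic("Operator credentials compromised", "attack"),
        Basic("Control network reachable from corporate LAN", "attack"),
    ]),
    Gate("Safe-mode command not sent in time", "AND", [
        Basic("Telemetry link degraded", "fault"),
        Basic("Alerting service disabled by attacker", "attack"),
    ]),
])

DEFENSES = [
    Defense("Multi-factor authentication", counters="Operator credentials compromised"),
    Defense("Network segmentation", counters="Control network reachable from corporate LAN"),
    Defense("Out-of-band operator paging", counters="Alerting service disabled by attacker"),
]


def remaining_cut_sets(deployed):
    """Cut sets that survive once the named defenses are deployed."""
    neutralised = frozenset(d.counters for d in DEFENSES if d.name in set(deployed))
    return cut_sets(TOP, neutralised)


if __name__ == "__main__":
    kinds = leaf_kinds(TOP)
    for label, deployed in [("no defenses", []), ("all defenses", [d.name for d in DEFENSES])]:
        print(f"== {label} ==")
        for cut in sorted(remaining_cut_sets(deployed), key=sorted):
            print(f"  [{classify(cut, kinds):6}] {' AND '.join(sorted(cut))}")
```

Running the block lists three minimal cut sets with no defenses (one pure-fault, one pure-attack, one mixed) and only the pure-fault antenna cut set once all three defenses are deployed, which is the point of analysing the domains together: the mixed cut set is invisible to a fault tree alone and to an attack tree alone, and the residual fault-only cut set shows where a safety measure such as antenna redundancy, not a security control, is the remaining lever.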