Fault tree and attack tree differences

The principal difference between an attack tree and a fault tree lies in how you enter and traverse each:

• Fault trees are not based on intelligently planned attacks in which leaves of the tree are entered according to the will of an intelligent entity (though a decision may drive the device or system into a state whereby the leaf is entered)
• Fault trees are traversed based on stochastic processes (failure/fault rates) from each leaf through the dependent, intermediate nodes
• Each fault tree leaf is completely independent (faults occur randomly and independently of each other) of all other leaves of the tree

A fault tree can account for the rate at which an aircraft's braking system may fail naturally, for example.

In the tool SecureITree we described earlier, you may also build fault trees by defining a probability indicator at the leaf nodes of the tree. Within the indicator dialog, enter a probability (for example, 1/100, 1/10,000, and so on) for the leaf node event/action to transpire.