STPA Step 3 - Identify Unsafe Control Actions (UCAs) using the 4-type analysis framework. Use this skill after completing STPA Step 2, when analyzing control actions for potential safety or security issues, or when you need to systematically identify what could go wrong with each control action.
Announce the step first:

"I'm using the STPA Step 3 skill to identify Unsafe Control Actions. We'll analyze each control action for 4 types of potential hazards."

For each control action identified in Step 2, determine whether it could be hazardous under any of these 4 conditions: (1) not provided, (2) provided, (3) wrong timing or order, (4) wrong duration.

**Type 1: Not Provided**
Question: What happens if [Controller] does NOT send [Control Action] when it should?
Examples: Auth Service does not issue a token when the user presents valid credentials (UCA-1 in the worked example below).

**Type 2: Provided**
Question: What happens if [Controller] sends [Control Action] when it shouldn't?
Examples: Auth Service issues a token when the credentials are invalid (UCA-2 below).

**Type 3: Wrong Timing or Order**
Question: What happens if [Control Action] is given too early, too late, or out of sequence?
Sub-types: too early; too late; out of sequence.
Examples: Auth Service issues a token before credential verification completes (UCA-3 below).

**Type 4: Wrong Duration**
Question: What happens if [Control Action] is stopped too soon or applied too long?
Sub-types: stopped too soon; applied too long.
Examples: Auth Service issues a token that never expires (UCA-4 below).
Write each UCA in this form, naming the context that makes the action unsafe and linking it to at least one hazard (H-X) from Step 1:

UCA-[number]: [Controller] [does/does not] [control action] [context], leading to [H-X]

**Worked example.** Control Action: Auth Service issues access token
| Type | UCA | Hazard |
|---|---|---|
| Not Provided | UCA-1: Auth Service does not issue token when user provides valid credentials, causing service denial | H-3 |
| Provided | UCA-2: Auth Service issues token when credentials are invalid, allowing unauthorized access | H-1 |
| Wrong Timing | UCA-3: Auth Service issues token before credential verification completes | H-1 |
| Wrong Duration | UCA-4: Auth Service issues token that never expires, allowing indefinite access | H-1, H-2 |
Work through systematically:
Q1: What is the control action we're analyzing? (From Step 2's control structure)
Q2: Type 1 - What if it's NOT provided when needed?
Q3: Type 2 - What if it's provided when NOT needed?
Q4: Type 3 - What if the timing is wrong?
Q5: Type 4 - What if the duration is wrong?
Q6: Are any of these combinations N/A? Mark a cell N/A with a brief explanation only if it is truly not applicable. Wrong Duration is the usual case: it applies to continuous or sustained control actions, not to discrete one-shot commands. Where a discrete command has a lasting effect (a token's lifetime in the example above), treat the effect's duration as the duration and keep the cell.
| Control Action | Not Provided | Provided | Wrong Timing | Wrong Duration |
|---------------|--------------|----------|--------------|----------------|
| [CA-1] | UCA-1: [desc] → H-X | UCA-2: [desc] → H-Y | UCA-3: [desc] → H-X | N/A |
| [CA-2] | N/A | UCA-4: [desc] → H-X | UCA-5: [desc] → H-Y | UCA-6: [desc] → H-X |
After identifying all UCAs, prioritize each one by:
- Severity: how serious is the linked hazard (H-X) if it occurs?
- Likelihood: how plausible is the context in which the control action becomes unsafe?
- Detectability: how likely is the controller or an operator to notice the UCA before the hazard occurs?

High priority = High severity + High likelihood + Low detectability
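The Q1-Q6 walk-through, the matrix template and the priority rule above can be mechanized so that gaps (a column with neither a UCA nor an N/A reason, a UCA pointing at a hazard that Step 1 never defined) are caught before anything is recorded. The following is an added example, not code from the original skill: it encodes the page's Auth Service worked example as data, checks each row, scores priority with the page's High rule, and renders the markdown table in the layout recorded below. The severity/likelihood/detectability ratings, the Medium/Low cut-offs, the hazard labels and the second control action are assumptions made for illustration.

```python
"""Added example (not part of the original skill): build and check an STPA
Step 3 UCA matrix. Sample data is the page's Auth Service worked example;
the ratings, the Medium/Low cut-offs, the hazard labels and the second
control action are assumptions made for illustration."""
from dataclasses import dataclass, field

UCA_TYPES = ("Not Provided", "Provided", "Wrong Timing", "Wrong Duration")
LEVEL = {"Low": 1, "Medium": 2, "High": 3}

# Hazards come from STPA Step 1; these labels are constructed for the example.
HAZARDS = {
    "H-1": "Unauthorized access to a protected resource",
    "H-2": "Access persists after it should have ended",
    "H-3": "Legitimate users denied service",
}

@dataclass
class UCA:
    uid: str
    uca_type: str
    description: str
    hazards: list[str]
    severity: str
    likelihood: str
    detectability: str

    def priority(self) -> str:
        """Page rule: High = High severity + High likelihood + Low detectability.
        Low detectability scores high. The Medium/Low cut-offs are assumed."""
        score = (LEVEL[self.severity] + LEVEL[self.likelihood]
                 + 4 - LEVEL[self.detectability])
        if score == 9:
            return "High"
        return "Medium" if score >= 6 else "Low"

@dataclass
class ControlAction:
    name: str
    ucas: dict = field(default_factory=dict)            # UCA type -> UCA
    not_applicable: dict = field(default_factory=dict)  # UCA type -> reason

def check_control_action(ca: ControlAction, hazards=HAZARDS) -> list[str]:
    """Q6 check: every type has a UCA or an explained N/A, and every UCA
    links to a defined hazard. Returns the list of problems (empty = ok)."""
    problems = []
    for t in UCA_TYPES:
        if t in ca.ucas and t in ca.not_applicable:
            problems.append(f"{ca.name}: '{t}' marked both UCA and N/A")
        elif t not in ca.ucas and t not in ca.not_applicable:
            problems.append(f"{ca.name}: '{t}' has neither a UCA nor an N/A reason")
    for u in ca.ucas.values():
        if u.uca_type not in UCA_TYPES:
            problems.append(f"{u.uid}: unknown UCA type '{u.uca_type}'")
        if not u.hazards:
            problems.append(f"{u.uid}: not linked to any hazard")
        for h in u.hazards:
            if h not in hazards:
                problems.append(f"{u.uid}: links to undefined hazard {h}")
    return problems

def render_matrix(cas: list[ControlAction]) -> str:
    """Render the markdown UCA table in the layout the skill records."""
    rows = ["| Control Action | " + " | ".join(UCA_TYPES) + " |",
            "|" + "---|" * (len(UCA_TYPES) + 1)]
    for ca in cas:
        cells = []
        for t in UCA_TYPES:
            u = ca.ucas.get(t)
            cells.append(f"{u.uid}: {u.description} → {', '.join(u.hazards)}" if u else "N/A")
        rows.append(f"| {ca.name} | " + " | ".join(cells) + " |")
    return "\n".join(rows)

def summarize(cas: list[ControlAction]) -> dict:
    """UCA Summary counts by priority."""
    counts = {"High": 0, "Medium": 0, "Low": 0}
    for ca in cas:
        for u in ca.ucas.values():
            counts[u.priority()] += 1
    return counts

# Worked example from the page (ratings assumed).
AUTH_TOKEN = ControlAction("Auth Service issues access token", ucas={
    "Not Provided": UCA("UCA-1", "Not Provided", "does not issue token when credentials are valid",
                        ["H-3"], "Medium", "Medium", "High"),
    "Provided": UCA("UCA-2", "Provided", "issues token when credentials are invalid",
                    ["H-1"], "High", "High", "Low"),
    "Wrong Timing": UCA("UCA-3", "Wrong Timing", "issues token before credential verification completes",
                        ["H-1"], "High", "Medium", "Low"),
    "Wrong Duration": UCA("UCA-4", "Wrong Duration", "issues token that never expires",
                          ["H-1", "H-2"], "High", "High", "Low"),
})

# Constructed incomplete row: two columns left blank and a hazard ID (H-9)
# that Step 1 never defined. The checker should flag all three.
REVOKE = ControlAction("Auth Service revokes access token", ucas={
    "Not Provided": UCA("UCA-5", "Not Provided", "does not revoke token when the user logs out",
                        ["H-2", "H-9"], "High", "Medium", "Low"),
}, not_applicable={"Wrong Duration": "revocation is a discrete, one-shot action"})

if __name__ == "__main__":
    for ca in (AUTH_TOKEN, REVOKE):
        for p in check_control_action(ca):
            print("PROBLEM:", p)
    print(render_matrix([AUTH_TOKEN, REVOKE]))
    print(summarize([AUTH_TOKEN, REVOKE]))
```

Run it once per control structure before recording: the AUTH_TOKEN row passes cleanly, while the REVOKE row reports the two empty columns and the undefined H-9 link, which is exactly the kind of gap that later makes Step 4 scenarios untraceable.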
Record in .sgai/PROJECT_MANAGEMENT.md:
### Step 3: Unsafe Control Actions
#### UCA Analysis Table
| Control Action | Not Provided | Provided | Wrong Timing | Wrong Duration |
|---------------|--------------|----------|--------------|----------------|
| [CA from Step 2] | [UCA or N/A] | [UCA or N/A] | [UCA or N/A] | [UCA or N/A] |
#### UCA Details
**UCA-1:** [Controller] [action context] leading to [H-X]
- Type: [Not Provided / Provided / Wrong Timing / Wrong Duration]
- Priority: [High / Medium / Low]
**UCA-2:** [Controller] [action context] leading to [H-X]
- Type: [type]
- Priority: [priority]
#### UCA Summary
- Total UCAs identified: [count]
- High priority: [count]
- Medium priority: [count]
- Low priority: [count]
Move to Step 4 when:
- every control action from Step 2 has a row in the UCA table, with a UCA or an explained N/A in each of the 4 columns
- every UCA is linked to at least one hazard (H-X) and has a priority assigned
- the UCA table, details and summary are recorded in .sgai/PROJECT_MANAGEMENT.md

Then load: skills({"name":"stpa/step4-loss-scenarios"})