Is MTBF Misleading You? Avoid Costly Reliability Mistakes
Mean Time Between Failures (MTBF) is one of the most widely used reliability metrics—but also one of the most misunderstood. It’s often seen as a simple way to assess system reliability, but in reality, it can create false expectations, flawed maintenance strategies, and costly decision-making errors.
Many engineers, managers, and decision-makers rely on MTBF without fully understanding its limitations. While it provides a rough estimate of expected failures over time, it does not predict when failures will occur or how a system will behave in real-world conditions. The result? Misleading reliability assessments, unnecessary maintenance costs, and unexpected downtime.
In this webinar, we’ll break down the biggest misconceptions about MTBF and discuss why using it as the sole reliability indicator can be risky. More importantly, we’ll explore practical alternatives and complementary methods to improve failure predictions and optimize maintenance strategies.
What You’ll Learn:
The fundamental flaws of MTBF and why it can be misleading
How relying solely on MTBF can lead to unexpected failures and increased costs
Real-world examples of MTBF
How to use MTBF alongside tools like Fault Tree Analysis (FTA), Failure Modes and Effects Analysis (FMEA), and other reliability tools to provide more accurate insights
Whether you’re a reliability engineer, maintenance professional, or decision-maker looking to enhance system performance, this webinar will give you the tools and insights needed to move beyond MTBF and make more informed reliability decisions.
Don’t let misleading metrics drive your decisions—register now to gain actionable insights into better reliability analysis!
If you have any questions, I would love to hear from you! Please feel free to contact me.
Hey everyone! If you’ve ever worked with FMEAs, you know they’re great for mapping out potential failures, but they don’t always tell the full story. That’s where Fault Tree Analysis (FTA) comes in—it helps fill in the gaps by modeling system logic and dependencies. We recently hosted a webinar diving into this exact topic, and I’ll be posting a link to the recording so you can check it out for yourself!
Why Combine FMEA with Fault Trees?
FMEAs help you catalog failures, but they assume a pretty straightforward cause-and-effect relationship. Real-world systems are more complicated than that. Fault trees let you introduce logic gates (AND, OR, voting gates) to capture how failures interact, making your reliability analysis much more accurate.
We recently held a webinar on using FMEAs and fault trees together. In the webinar, we walked through a practical example using an airbag system. We showed how you can start with an FMEA, build a failure net, and then transform it into a fault tree for deeper insights.
The Process: From FMEA to Fault Tree
Start with the FMEA:
Identify failure modes, causes, and effects in a structured tool like e1ns.
Build a failure net to visualize how failures are connected.
Move to the Fault Tree:
Use Data Link Manager to transfer the failure net into FaultTree+.
Convert those cause-and-effect relationships into fault tree logic.
Refining the Model:
Add logic to reflect real-world system behaviors, like redundancies.
Assign failure rates from industry sources (MIL-217, SN29500, etc.).
Use minimal cut set analysis to find the weakest points in your system.
Run the Analysis & Make Improvements:
Check how often system failures are likely to happen.
Compare results against industry safety targets (ASIL, SIL, etc.).
Implement design changes (like redundant sensors) to improve reliability.
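The refinement and analysis steps above, worked through on a small airbag fault tree: minimal cut sets and top-event probability for a single-sensor design versus a 2-out-of-3 sensor voting gate. This is an added example, not output from e1ns or FaultTree+; the component names (S1 to S3, ECU, SQUIB) and all failure probabilities are constructed assumptions.

```python
from itertools import combinations, product

# Constructed per-demand failure probabilities; not taken from MIL-217,
# SN29500 or the webinar's airbag model.
P_FAIL = {"S1": 1e-3, "S2": 1e-3, "S3": 1e-3, "ECU": 1e-5, "SQUIB": 1e-5}

def single_sensor(failed):
    """Top event 'airbag fails to deploy': OR gate over one sensor, ECU, squib."""
    return "S1" in failed or "ECU" in failed or "SQUIB" in failed

def voted_sensors(failed):
    """Same top event, but the sensor branch is a 2-out-of-3 voting gate."""
    sensors_down = sum(s in failed for s in ("S1", "S2", "S3"))
    return sensors_down >= 2 or "ECU" in failed or "SQUIB" in failed

def minimal_cut_sets(top, events):
    """Smallest sets of basic events whose joint failure causes the top event."""
    found = []
    for size in range(1, len(events) + 1):
        for combo in combinations(sorted(events), size):
            cut = frozenset(combo)
            # A superset of an already-found cut set is not minimal.
            if top(cut) and not any(m <= cut for m in found):
                found.append(cut)
    return found

def top_event_probability(top, events):
    """Exact probability by enumerating every state (independent events)."""
    names = sorted(events)
    total = 0.0
    for states in product((True, False), repeat=len(names)):
        failed = {n for n, down in zip(names, states) if down}
        if top(failed):
            p = 1.0
            for n, down in zip(names, states):
                p *= P_FAIL[n] if down else 1.0 - P_FAIL[n]
            total += p
    return total

if __name__ == "__main__":
    designs = {"single sensor": (single_sensor, ["S1", "ECU", "SQUIB"]),
               "2-out-of-3 voting": (voted_sensors, list(P_FAIL))}
    for label, (top, events) in designs.items():
        cuts = [sorted(c) for c in minimal_cut_sets(top, events)]
        print(label, f"{top_event_probability(top, events):.3e}", cuts)
```

With these constructed rates the single sensor is a first-order cut set that dominates the result; under voting, the only remaining single-event cut sets are the shared ECU and squib.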
Key Takeaways from the Webinar
FMEAs Are a Starting Point: They help catalog potential failures but don’t handle system logic.
Fault Trees Fill in the Gaps: They let you model dependencies and quantify failure probabilities.
Data Integration is a Game-Changer: The Data Link Manager makes it easy to bridge FMEA and FTA.
Redundancy Matters: The airbag example showed how adding a 2-out-of-3 sensor voting gate drastically improved system reliability.
Final Thoughts
At the end of the day, combining FMEA with Fault Tree Analysis gives you a much clearer picture of system reliability. With tools like e1ns and FaultTree+, you can make smarter design choices and build more robust systems.
And if you have any questions or want a demo of our tools, just reach out. Let’s keep the conversation going!
Cybersecurity through Attack Tree Logic: Webinar Introduction
In an age where digital systems are integral to every facet of our lives—from personal vehicles to national power grids—understanding potential cyber threats is more important than ever. Businesses, governments, and individuals alike need robust frameworks to anticipate and mitigate attacks before they happen. One such framework is Attack Tree Logic, a structured methodology that borrows from the principles of fault tree analysis to model and quantify cybersecurity risks.
List of topics covered in this webinar:
What Is Attack Tree Logic?
Attack Tree Logic is a systematic approach for identifying how malicious actors might achieve their goal of compromising a system. Originally inspired by safety and reliability methods like fault tree analysis, attack trees help break down complex security threats into logical hierarchies. At the top sits the attacker’s ultimate objective—such as gaining unauthorized access to a vehicle’s onboard computer. Beneath that goal lie intermediate objectives, potential vulnerabilities, and specific tactics an attacker might use.
Why Use Attack Trees for Cybersecurity?
While cybersecurity threats differ from traditional reliability or safety failures, the logic-based approach that has long been standard in engineering still applies. Attack trees provide:
Clarity and Structure: Rather than viewing a system’s security as an opaque challenge, attack trees map out potential intrusion paths step-by-step, making it easier to see where and how attackers might succeed.
Qualitative and Quantitative Insight: Initially, cybersecurity assessments were largely qualitative. Attack Tree Plus, a specialized software tool, extends this by integrating quantitative analysis. This helps security analysts assign probabilities to different attack scenarios and weigh their relative severity.
Informed Decision-Making: By ranking threats based on likelihood and impact, organizations can prioritize their security investments. For instance, if one attack path is more likely (due to easier access or lower skill requirements), it becomes the priority for mitigation.
Building an Attack Tree: A Practical Example
Consider a modern vehicle equipped with a sophisticated onboard computer. Researchers have shown that attackers could potentially gain access to vehicle systems through either the in-car entertainment system or an unsecured onboard diagnostic (OBD) dongle. An attack tree for this scenario might look like this:
Goal (Top Event): Attacker gains unauthorized access to the onboard computer.
Objective 1: Access via the entertainment system.
Potential Consequence: Unexpected braking or acceleration at low speed (a serious safety issue).
Required Conditions:
Specialized attack equipment and expertise.
A known vulnerability (e.g., an outdated security patch) in the entertainment software.
Objective 2: Access via the OBD dongle.
Potential Consequence: Malfunctioning or loss of function in lights and wipers (a moderate, but still significant, safety concern).
Required Conditions:
Availability of an unsecured OBD dongle in the vehicle.
A low-complexity attack, such as using a free mobile app to exploit that vulnerability.
By structuring the attack paths this way, security engineers can see both the direct routes (objectives) and the enabling factors (vulnerabilities, needed expertise, available tools) that make these attacks feasible.
Assigning Likelihood and Impact
One of the key advancements introduced by Attack Tree Plus is the ability to assign quantitative likelihoods based on real-world conditions. Instead of asking, “Could someone hack into the system?” analysts ask, “How likely is it given the skills, equipment costs, and time required?” Indicators such as the complexity of required knowledge, the availability of specialized tools, and the time window for the attack help assign a probability to each event.
For instance:
Attacks requiring months of preparation, expert-level skill, restricted knowledge, and bespoke equipment are likely to have a low probability.
Attacks that can be carried out quickly with readily available tools are more likely, bumping up their probability and making them more pressing risks.
Measuring Consequences and Risk
Attack trees also categorize outcomes by severity. Using standards such as ISO 21434 (common in the automotive industry), each identified consequence (e.g., loss of braking control) is given a weight indicating its severity. Combined with the attack likelihood, this severity weighting allows for a quantitative measure of risk.
Major Consequences: Higher severity outcomes (like interfering with vehicle speed) might have stringent thresholds and higher risk scores.
Moderate Consequences: Less severe, but still disruptive outcomes (like malfunctioning wipers), yield lower risk scores.
With these rankings, organizations can focus their efforts on mitigating the highest-risk attack paths first.
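The vehicle attack tree above, evaluated end to end: AND gates for each path's required conditions, an OR gate at the top, and risk computed as likelihood times a severity weight. This is an added example, not Attack Tree Plus output or an ISO 21434 scale; every likelihood, severity weight and the `with_control` helper are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    gate: str = "LEAF"   # "AND", "OR" or "LEAF"
    p: float = 0.0       # leaf likelihood per vehicle-year (constructed)
    children: list = field(default_factory=list)

def likelihood(node):
    """AND needs every condition; OR needs any one path (independent events)."""
    if node.gate == "LEAF":
        return node.p
    hit = miss = 1.0
    for child in node.children:
        q = likelihood(child)
        hit *= q
        miss *= 1.0 - q
    return hit if node.gate == "AND" else 1.0 - miss

def with_control(path, control_name, p_control_fails):
    """Model a defensive measure on an AND path: the attack also needs it to fail."""
    extra = Node(control_name + " fails", p=p_control_fails)
    return Node(path.name, "AND", children=path.children + [extra])

# Constructed values: the page gives the tree's structure but no numbers.
ENTERTAINMENT = Node("Access via entertainment system", "AND", children=[
    Node("Specialized attack equipment and expertise", p=0.02),
    Node("Known vulnerability in entertainment software", p=0.30),
])
OBD = Node("Access via OBD dongle", "AND", children=[
    Node("Unsecured OBD dongle in the vehicle", p=0.10),
    Node("Low-complexity attack using a free mobile app", p=0.50),
])
TOP = Node("Unauthorized access to onboard computer", "OR",
           children=[ENTERTAINMENT, OBD])

# Severity weights: braking/acceleration (serious) vs lights/wipers (moderate).
SEVERITY = {ENTERTAINMENT.name: 10, OBD.name: 4}

def ranked_risks(paths):
    """Risk = likelihood x severity weight, highest risk first."""
    scored = [(p.name, likelihood(p) * SEVERITY[p.name]) for p in paths]
    return sorted(scored, key=lambda item: item[1], reverse=True)

if __name__ == "__main__":
    for name, risk in ranked_risks(TOP.children):
        print(f"{risk:.3f}  {name}")
```

With these numbers the OBD path outranks the entertainment path despite its lower severity, because its conditions are far easier to meet; wrapping it with `with_control(OBD, "Dongle authentication", 0.05)` drops it below the entertainment path.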
Adhering to Industry Standards
Different industries use various standards for assessing cybersecurity risk. From ISO 21434 in automotive cybersecurity to other frameworks like J3061, the Attack Tree Plus software supports a range of templates, each offering standardized likelihood, severity, and risk assessment scales. Companies can also customize these templates to align with internal security policies or emerging industry guidelines.
Beyond Cybersecurity: A Broader Framework
Though our example focuses on automotive cybersecurity, attack tree logic is flexible. It can be applied to a wide range of security contexts:
Physical Security: Determining the most probable ways to break into a building, sabotage infrastructure, or steal critical assets.
Supply Chain Security: Understanding how attackers might interfere with or exploit complex logistics systems.
Financial Systems: Identifying how intruders might bypass controls in financial institutions.
Conclusion: A Proactive Approach to Security
Attack Tree Logic provides more than just a theoretical framework. By visualizing and quantifying threats, it empowers organizations to anticipate attacks, weigh their risks, and invest wisely in preventive measures. As cybersecurity threats evolve in complexity, tools like Attack Tree Plus serve as essential allies, helping analysts stay one step ahead of would-be attackers and ensuring the resilience and safety of today’s interconnected systems.
Next Steps and Resources
If you’re interested in learning more about Attack Tree Logic, consider exploring:
Industry Standards: Check out ISO 21434 and J3061 for structured approaches to automotive cybersecurity.
Software Solutions: Tools like Attack Tree Plus integrate seamlessly with other reliability and quality platforms, offering a complete suite for analyzing complex systems.
Training and Consultation: Expert-led training sessions can further deepen your understanding, allowing you to build customized attack trees aligned with your organization’s unique risk landscape.
As we move into an era where cybersecurity and physical security converge, equipping yourself with robust analytical methods like Attack Tree Logic is no longer optional—it’s essential.
For many years we have received countless requests for a self-paced e-learning option for the FaultTree+ course. Please note that although this course has not been completed, it is nearing completion.
I am looking for any feedback or questions you might have.
I'm not going to lie: I head up sales for Isograph in North America. I often get labelled with some of the tactics salespeople use in my industry. The best advice I can give to a prospective client is to try models using your own data and information to see how they turn out. Also, check the calculations and software options to ensure the software product will do what you want it to do, not only today but next year when your model has matured. Although I am a salesperson and my lips are moving, I'm not lying here.
Batch append is one of those points that one should consider in a mature software product. How are you going to combine the work of many individual engineers into a final model you can use for certification or to present to management? If your tool cannot do this, run for the hills!
Sometimes, when working on a large system model, you need to share the load, and split up the fault tree development to different people. But then the time comes to combine everyone’s work together. How do we do that? And how do we make sure that our master fault tree contains the most up-to-date information from each engineer’s fault trees?
This excerpt from our in-development online training course gives a quick insight into using the Batch Append feature to automate the linking of fault trees from different users' projects, and how to keep the linked file up-to-date with the latest changes.
Of course CAPEX will affect OPEX, or it should...or will it? The idea makes sense; however, at what point will a piece of equipment cost you more to maintain than it would cost to simply replace it? Should a refurbishment be considered? How should a new plant be configured for the highest cost benefit? Not properly designing a system, or not being willing to spend the money to replace equipment at the right interval, could be costing you. By modelling your system in easy-to-use tools you can make logical decisions and justify them.
The next version of Reliability Workbench (13.0.2) has now been released. Join us for this special preview webinar to get an early look at the new features that have been added. From changes to the report viewer interface, updated Prediction standards, data linking to the Allocation module, new DLL functions, expanded IEC 61508 calculations for both the Fault Tree and FMECA modules, a new Fault Tree failure model, and a brand-new results dialog for the FMECA module, complete with ISO 26262 functionality, there’s plenty to get excited about.
As always if you have any questions about our software please feel free to contact me.
Although some might have superstitious feelings about Friday the 13th, we have chosen to hold a webinar to get you away from all the coffee talk. For Friday the 13th we have come up with a special preview of our next version of Reliability Workbench, which is also version 13 (specifically 13.0.2). Join us for this special webinar, on Friday October 13th at 12 PM Eastern Time, to get an early look at the new features that have been added. We have added significant changes to the report viewer interface, updated Prediction standards, data linking to the Allocation module, new DLL functions, expanded IEC 61508 calculations for both the Fault Tree and FMECA modules, a new Fault Tree failure model, and a brand-new results dialog for the FMECA module, complete with ISO 26262 functionality. There's plenty to get excited about.
Isograph is pleased to announce that Reliability Workbench FaultTree+ and FMECA modules have been tested by SGS-TÜV according to ISO 26262-8:2011 and certified as suitable for safety analyses up to ASIL D.
ISO 26262 (Road vehicles - Functional safety) is an adaptation of IEC 61508 for the automotive industry. It addresses possible hazards due to malfunctions in electronic/electrical safety related systems in passenger vehicles up to 3500kg.
Isograph's world leading reliability software is used widely in the Automotive industry for ISO 26262 compliant safety analyses.
In today's increasingly interconnected world, system hazards are more likely than ever to originate from deliberate attacks, such as hacking and malware.
Using the example of how an attacker could gain access to on-board systems in a car by hacking into the entertainment system, this webinar will show how attack tree analysis, a modified form of fault tree analysis, can be used to predict the frequency of a threat due to attacks on a system and the failure of defensive measures.
We will also demonstrate how attack tree analysis can take into account the impact of a successful attack on factors such as cost and safety, as well as the cost and difficulty incurred by the attacker.
Included is a web demonstration where we will address modelling these threats in AttackTree+:
As always please feel free to contact me if you have any questions.
Best Regards, Jeremy