[SystemSafety] A couple of references on security
Peter Bernard Ladkin
ladkin at rvs.uni-bielefeld.de
Thu Jan 16 11:40:12 CET 2014
Hi folks, Happy New Year to everyone!
1. Peter Neumann asked me to write a short piece for the Risks Forum about the Bookout/Toyota
events. I haven't got around to it yet. Does someone else feel the call?
2. The SCSC SSS'14 program is out and available on the SCSC WWW site. John Knight is going to be
giving a Keynote, then chairing a panel session, on safety standards. 2014 is the year in which
maintenance of IEC 61508 is likely to start. And, I presume I shall find out Monday, the year in
which the revision of EN 50128, the railway control systems standard, sank.
3. Security is increasingly involved with safety. Not least so in embedded systems. Martyn pointed
out to me an op-ed piece by Bruce Schneier in which he is very worried about embedded-system
security, for very good reasons which he lays out. He is mostly concerned about routers. But we
worked a few years ago in a research project with major automobile and -component manufacturers on a
largely-software-configurable road-vehicle line, doing the threat analysis for the loading of SW in
the field (that is, at maintenance stations). I am thankful it is finally becoming an issue.
http://www.wired.com/opinion/2014/01/theres-no-good-way-to-patch-the-internet-of-things-and-thats-a-huge-problem/
4. I note that Embedded World in Nürnberg (Nuremberg) is in a couple weeks, a favorite of Chris
Hills and Nicholas McGuire. I didn't see much in the program about the matters concerning Schneier.
5. Off-topic but related. Sticking with matters that concern Schneier, I am very concerned about the
situation described in the Snowden revelations. I am preparing a piece about the consequences for
society of subverting Internet communications protocols - I suggest they are by no means good and
the public debate I have seen so far give them short shrift and I think this is even less good. But
it is not ready for distribution. Since November I have been maintaining a collection of links to
published articles and other matter, which I update on a roughly weekly basis, for a seminar at
Bielefeld in which we are discussing the issues. Others here might find it useful. The URL is
stable; the contents not
http://www.rvs.uni-bielefeld.de/publications/Discussions/CommPrivSurvRefsWS2013-14.pdf
PBL
--
Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Tel+msg +49 (0)521 880 7319 www.rvs.uni-bielefeld.de
More information about the systemsafety
mailing list