[SystemSafety] [EC 61508 and cybersecurity
Martyn Thomas
martyn at thomas-associates.co.uk
Mon Jun 1 13:12:59 CEST 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 01/06/2015 11:03, Peter Bernard Ladkin wrote:
> ...
>
> IEC 62443 only concerns security in the process industries. At a
recent meeting of the German NC
> on E/E/PE functional safety, a representative from the NC concerned
with IEC 62443 said that
> everything necessary from ISO 27000 had been taken into account and
IEC 62443 was a successful
> enterprise. Having recently suffered through some heinously boring
presentations, involving
> subdivision and classification and boxes and arrows as far as the eye
could see, I .... um .....
> reserve judgement.
I have found a lengthy presentation of 62443 on the internet. It seems
to be a mix of 27001 and architectural partitioning into "zones"
separated by firewalls. The presentation said "be very careful designing
and implementing the firewalls".
Little engineering and nothing useful on assurance.
I can't see how I could use it to provide adequate confidence that I had
controlled the security threats to a safety-critical system adequately.
>
> You can only find out about results of the IEC Working Group by being
in it, as far as I can tell.
> I've tried to find out and get two sentences in reply. They are a
different two sentences for each
> colleague I ask. I don't "AND" the replies.
A sensible engineering standardisation process would start with an
public discussion between experts about the scope of the standard and
the criteria for judging a good outcome. Once these were agreed, the
development of the standard would also be public and interactive.
The current processes seem to have nothing to recommend them.
Martyn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQEcBAEBCgAGBQJVbD47AAoJEAev1z3Tv8QLoo8H/3RoraPCzVSt6MPh9hroVKj1
j4vKhCuBZqqRYVcOum62FpcHSCC+bAg3efurMR97Sp6NRqnbOaoZ4m5NssyMBbec
+g7HS5c66tUQ6zDoxERj2hGesXVYbkCOQn9A6a4EtolO2O21XmHu/U0T0+64Xfax
h1LhEXPgOCUu9iAsBKUY86ifZ+MdhGeuqSuYAPyE/0a95/oy3jZEbdehU2LWyKF6
VDMKfTFifnxHauCu6+J2WHcmPLVwYRxxjSzUcYVAmU3pQiDImioPtj82abTq/om9
EjQ67fSSU6xl5LJCjyr+/DUwI3QsUv1wxzXT4o1kOdWJKzmjND5kyi/PuBAu/88=
=EFZo
-----END PGP SIGNATURE-----
More information about the systemsafety
mailing list