[SystemSafety] [EC 61508 and cybersecurity

RICQUE Bertrand (SAGEM DEFENSE SECURITE) bertrand.ricque at sagem.com
Mon Jun 1 13:21:09 CEST 2015 

For the consequences, yes.

For the analyse of the potential causes, you explode the possibilities with security compared to safety, and you open additional topics far from pure system functions.

Bertrand Ricque
Program Manager
Optronics and Defence Division
Sights Program
Mob : +33 6 87 47 84 64
Tel : +33 1 58 11 96 82
Bertrand.ricque at sagem.com


-----Original Message-----
From: systemsafety-bounces at lists.techfak.uni-bielefeld.de [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Peter Bernard Ladkin
Sent: Monday, June 01, 2015 1:17 PM
To: systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] [EC 61508 and cybersecurity

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2015-06-01 13:06 , RICQUE Bertrand (SAGEM DEFENSE SECURITE) wrote:
> Safety is a roughly 2D problem ( probability x consequence), the two
> dimensions being usually stable along the unique system timescale.
>
> Security is a 3D problem with sub dimensions

The analysis of what the consequences are and how they happen is very similar for both safety and security. Something happens to your system that cause it to do what you do not want. That "something" can be happenstance, or it can be deliberate. But the consequences are determined exactly the same way by the system properties in both cases. For analytical purposes, for security incidents you turn some of the possible events into quasi-Booleans (turning happenstance into
intention) and formally propagate through the Causal Fault Graph.

PBL

Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany Je suis Charlie
Tel+msg +49 (0)521 880 7319  www.rvs.uni-bielefeld.de




-----BEGIN PGP SIGNATURE-----

iQEcBAEBCAAGBQJVbD8TAAoJEIZIHiXiz9k+5loIAJBiN25aTEdJ+oJNzfVdak24
k9UdknrSC6adF2fkpKGx6qUgv9XnyPusgjVuLs/5POpbjP/fRtWifZgCOAnseoqB
hM5PhJYnP1qU1XmFmLGa0nXWNE5ydZwhOkcie9AW91Yt6B5AWpo4VKX+3pd156Gy
OPDW+4x6jiPd5/8aWjjfyUxpAUrVpEiiRtbP5078LSwioL8DfO+FioepZZ4/b6d1
WysBhE/L9Q/mmx/ccislS8ljt2t7rPTv2ID34qpTCzAd9WgPc52s/6RTHHevGCB6
WQ45MkqpII4jLkHIY5YECxMhn+11tFaN1fOkvOfdDrMsEPiU98A+W81Aah0X454=
=2eCZ
-----END PGP SIGNATURE-----
_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE
#
" Ce courriel et les documents qui lui sont joints peuvent contenir des informations confidentielles, être soumis aux règlementations relatives au contrôle des exportations ou ayant un caractère privé. S'ils ne vous sont pas destinés, nous vous signalons qu'il est strictement interdit de les divulguer, de les reproduire ou d'en utiliser de quelque manière que ce soit le contenu. Toute exportation ou réexportation non autorisée est interdite Si ce message vous a été transmis par erreur, merci d'en informer l'expéditeur et de supprimer immédiatement de votre système informatique ce courriel ainsi que tous les documents qui y sont attachés."
******
" This e-mail and any attached documents may contain confidential or proprietary information and may be subject to export control laws and regulations. If you are not the intended recipient, you are notified that any dissemination, copying of this e-mail and any attachments thereto or use of their contents by any means whatsoever is strictly prohibited. Unauthorized export or re-export is prohibited. If you have received this e-mail in error, please advise the sender immediately and delete this e-mail and all attached documents from your computer system."
#

More information about the systemsafety mailing list