[SystemSafety] [EC 61508 and cybersecurity

Andy Ashworth andy at the-ashworths.org
Mon Jun 1 13:27:25 CEST 2015 

I have previously held the position of safety assurance manager at a nuclear research laboratory. While my team was required to demonstrate that the consequences of any credible accident would not be unacceptable, my colleagues in the security team regarded our analysis as a security threat since we were identifying potential worst scenarios for any deliberate attack. 

There is definitely a contradiction between safety and security I terms of openness - for safety we want to be seen to be safe, but he security world requires us to hide the specific vulnerabilities of our systems. 

Andy

Sent from Andy's iPad

> On Jun 1, 2015, at 07:06, RICQUE Bertrand (SAGEM DEFENSE SECURITE) <bertrand.ricque at sagem.com> wrote:
> 
> It is not that simple.
>  
> Safety is a roughly 2D problem ( probability x consequence), the two dimensions being usually stable along the unique system timescale.
>  
> Security is a 3D problem with sub dimensions (attacker(motivation, capability), vulnerability(inherent, introduced), consequence), these dimensions being variable along two different timescales (target system timescale, attacker timescale).
>  
> Bertrand Ricque
> Program Manager
> Optronics and Defence Division
> Sights Program
> Mob : +33 6 87 47 84 64
> Tel : +33 1 58 11 96 82
> Bertrand.ricque at sagem.com
>  
> From: systemsafety-bounces at lists.techfak.uni-bielefeld.de [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Chris Hills
> Sent: Monday, June 01, 2015 12:50 PM
> To: martyn at thomas-associates.co.uk; systemsafety at lists.techfak.uni-bielefeld.de
> Subject: Re: [SystemSafety] [EC 61508 and cybersecurity
>  
> I have always though that safety and security are two sides of the same coin.  Often it is just a difference of emphasis or wording  but the requirements are very similar if not the same.
> The trouble is “cyber security” is the new buzzword so we need a standard for it…..    Surely it is better build on 61508 for something that is both safe and secure?
>  
> Or do you want something that is secure but unsafe?  J
>  
> Regards
>    Chris
>  
> 
> Phaedrus Systems Ltd Tel:   FREEphone 0808 1800 358
> 96 Brambling B77 5PG          Vat GB860621831  Co Reg #04120771
> Http://www.phaedsys.com  chills at phaedsys.com
>  
>  
> From: systemsafety-bounces at lists.techfak.uni-bielefeld.de [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Martyn Thomas
> Sent: 01 June 2015 10:09
> To: systemsafety at lists.techfak.uni-bielefeld.de
> Subject: Re: [SystemSafety] [EC 61508 and cybersecurity
>  
> Where can I find details of the content of IEC 62443, and of the IEC workgroup?
> 
> Martyn
> 
> 
> 
> On 01/06/2015 09:42, RICQUE Bertrand (SAGEM DEFENSE SECURITE) wrote:
> There is currently an IEC workgroup on what to do with IEC 61508 and cybersecurity (IEC 62443). The topic is thus not ignored.
>  
> #
> " Ce courriel et les documents qui lui sont joints peuvent contenir des informations confidentielles, être soumis aux règlementations relatives au contrôle des exportations ou ayant un caractère privé. S'ils ne vous sont pas destinés, nous vous signalons qu'il est strictement interdit de les divulguer, de les reproduire ou d'en utiliser de quelque manière que ce soit le contenu. Toute exportation ou réexportation non autorisée est interdite.Si ce message vous a été transmis par erreur, merci d'en informer l'expéditeur et de supprimer immédiatement de votre système informatique ce courriel ainsi que tous les documents qui y sont attachés."
> ******
> " This e-mail and any attached documents may contain confidential or proprietary information and may be subject to export control laws and regulations. If you are not the intended recipient, you are notified that any dissemination, copying of this e-mail and any attachments thereto or use of their contents by any means whatsoever is strictly prohibited. Unauthorized export or re-export is prohibited. If you have received this e-mail in error, please advise the sender immediately and delete this e-mail and all attached documents from your computer system."
> #
> 
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20150601/7581d114/attachment.html>

More information about the systemsafety mailing list