[SystemSafety] [EC 61508 and cybersecurity
Peter Bishop
pgb at adelard.com
Wed Jun 3 11:23:03 CEST 2015
I agree the consequences of "something" can be modelled in the same way
whether random or deliberate.
However:
- The "something"s are a relatively static set in a conventional safety
analysis (equipment, power failure...), but are an ever-increasing set
for security (new forms of attack on the same system)
- The likelihood of random somethings is relatively constant, while the
likelihood of deliberate somethings is both variable and hard to quantify
PB
Peter Bernard Ladkin wrote:
> On 2015-06-01 13:06 , RICQUE Bertrand (SAGEM DEFENSE SECURITE) wrote:
>> Safety is a roughly 2D problem ( probability x consequence), the two dimensions being usually
>> stable along the unique system timescale.
>
>> Security is a 3D problem with sub dimensions
>
> The analysis of what the consequences are and how they happen is very similar for both safety and
> security. Something happens to your system that cause it to do what you do not want. That
> "something" can be happenstance, or it can be deliberate. But the consequences are determined
> exactly the same way by the system properties in both cases. For analytical purposes, for security
> incidents you turn some of the possible events into quasi-Booleans (turning happenstance into
> intention) and formally propagate through the Causal Fault Graph.
>
> PBL
>
> Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
> Je suis Charlie
> Tel+msg +49 (0)521 880 7319 www.rvs.uni-bielefeld.de
>
>
>
>
_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE
--
Peter Bishop
Chief Scientist
Adelard LLP
Exmouth House, 3-11 Pine Street, London,EC1R 0JH
http://www.adelard.com
Recep: +44-(0)20-7832 5850
Direct: +44-(0)20-7832 5855
More information about the systemsafety
mailing list