[SystemSafety] Safety and Cybersecurity: A Dispute

Martyn Thomas martyn at thomas-associates.co.uk
Mon Dec 19 12:18:28 CET 2016


Security has always been regarded as part of safety. That's why there
are security fences around high hazard sites, guards, alarms, and
security screening of personnel who have access to sensitive control
systems. It's why we require hazardous chemicals and explosives to be
kept in secure storage. There are many other examples of security
considerations in the management of safety. Cybersecurity is a subset of
security that has growing importance, so of course it has to be
considered as part of the overall system safety engineering and safety
management.

Herr Laible appears to be arguing that safety experts should rely on
cybersecurity experts to provide assurance that cyber attacks cannot
affect the system environment in any way that affects safety. It is
impractical to partition the work this way because the safety experts
and security experts need to work together to understand all the ways in
which cybersecurity vulnerabilities could affect safety, and then to
mitigate the risks and to provide enough evidence to support the
required safety assurance.

You cannot separate the concerns, because the security analyst needs to
understand what assets have to be protected and to what level of
assurance, and the safety analyst needs evidence that all the possible
attack vectors have been considered and that the residual risks have
been appropriately mitigated. That involves cybersecurity and all
aspects of physical security too.

How can this be controversial?


Martyn



On 19/12/2016 08:19, Peter Bernard Ladkin wrote:
> The German electrotechnical standardisation organisation has just produced formal guidance (called
> an "application rule") on safety and security for IACS, in which it says that cybersecurity measures
> to protect safety functions and cybersecurity measures to protect operational functionality should
> be distinguished: that protection of safety functions is paramount even if operational functionality
> is compromised, but that protection of operational functionality may not compromise safety
> functionality.
>
> You may think that is all obvious. But it turns out to be controversial. For example, see the
> comment by the German engineer Holger Laible here:
> http://conference.vde.com/fs/2017/Seiten/Expertenmeinungen.aspx  My translation follows. Notice
> particularly his first sentence: Herr Laible thinks that considering cybersecurity as part of safety
> will be counterproductive!
>
> [begin quote]
>
> The current increasing trend to consider cybersecurity as a part of safety, and to exhibit analogies
> and connections between the two fields, will be counterproductive in the long term. Safety is
> founded upon an intact [system] environment (including cybersecurity), so that valid physical
> methods and concepts can be applied. In contrast, cyberattacks are neither calculable nor
> predictable. Security experts ensure appropriately that the environment remains intact. Safety
> experts contribute to the understanding about cybersecurity in the [system] environment.
>
> [end quote]

