[SystemSafety] Safety and Cybersecurity: A Dispute

paul_e.bennett at topmail.co.uk paul_e.bennett at topmail.co.uk
Mon Dec 19 12:48:45 CET 2016


On 19/12/2016 at 11:40 AM, "DREW Rae" wrote:

Without in any way endorsing it, the argument appears similar to the
more naive formal methods community responses to safety. "Safety is
nothing special - we'll just prove that all of the requirements are
met, and safety requirements are just requirements".

"Why mix security and safety - we'll just make sure there are no
external disruptions to the system environment, so you don't need to
worry which ones are safe or unsafe". 

Both arguments have an understandable but naive view that systems
behave either correctly or incorrectly, and that safety is just a
matter of making sure that the "correct" behavior is properly
specified. 

I've always been unsatisfied with the idea of drawing a sharp line
between "safety" and "operational functions". It's a misleading
categorisation even for the control systems it arose from, and it
helps perpetuate the idea that you can put a neat box around "safety"
and then divorce safety analysis from cybersecurity, project
management, software implementation, human resources, maintenance
schedules, or any of the many "not the business of safety" messy
details that end up in accident reports.  

I agree with Drew: there should be no separation of considerations for
systems into separate Safety, Security or Functional silos. Development
of a system is a system-wide activity, and you have to consider that
part of the system includes the operational environment and the
behaviours of a multitude of influencing factors.

When considering security as part of the overall system design, one
should be looking for every little chink that might be left in the
armour. Minimising the access apertures for individual system
components, as well as the general outer ring-fenced measures, will be
equally important.

Regards
 Paul E. Bennett IEng MIET
 Systems Engineer
 -- 
 ********************************************************************
 Paul E. Bennett IEng MIET.....
 Forth based HIDECS Consultancy.............
 Mob: +44 (0)7811-639972
 Tel: +44 (0)1392-426688
 Going Forth Safely ..... EBA. www.electric-boat-association.org.uk..
 ********************************************************************