[SystemSafety] The Intertwining of Safety and Security

paul_e.bennett at topmail.co.uk paul_e.bennett at topmail.co.uk
Fri Nov 11 13:17:10 CET 2016


On 11/11/2016 at 8:01 AM, "Peter Bernard Ladkin" wrote:

Last Monday, I pointed out by means of a somewhat theoretical example that IACS safety and cybersecurity are intertwined. Also, that some people in industry (and in standardisation) think you can keep them separate.

I was looking to construct a concrete but hypothetical example that fit the precepts of IEC 61508, which governs the derivation and implementation of safety requirements in IACS. I think I have found one. I invite readers to see if they agree.

https://abnormaldistribution.org/index.php/2016/11/11/iacs-safety-and-security-intertwined-a-realistic-example/

PBL

Prof. Peter Bernard Ladkin, Bielefeld, Germany
MoreInCommon
Je suis Charlie
Tel+msg +49 (0)521 880 7319  www.rvs-bi.de

Nice article Peter.

In your item, the statement "However, in many nuclear power plants, over time, subsystems are replaced, and replacement subsystems include more digital electronics than the originals, and become thereby vulnerable to cyberintrusion" implies that plant system changes were implemented without revisiting the calculation of the integrity of the safety functions.

I am quite sure that any modification of systems in the Nuclear Industry, when calling for a modification, will have such a re-visitation before replacement sub-systems are introduced. I am not so sure about other industries.

Additionally, not all digitally based systems will have an element of 
re-programmability, although I can see where such a presumption
may come in. Also, not all such systems have an easy path to
cyberintrusion, although that should be considered as part of the
evaluation of safety functions. 

In short, the original design team may have reasonably foreseen
the risks of the systems they implemented. However, where the 
care then needs to be taken is in ensuring re-evaluation of safety 
functions in light of the proposed changes as they arise, taking into 
account the factors that will arise through a higher vulnerability 
potential through security weaknesses.

Regards
 Paul E. Bennett IEng MIET
 Systems Engineer
 -- 
 ********************************************************************
 Paul E. Bennett IEng MIET.....
 Forth based HIDECS Consultancy.............
 Mob: +44 (0)7811-639972
 Tel: +44 (0)1392-426688
 Going Forth Safely ..... EBA. www.electric-boat-association.org.uk..
 ********************************************************************