[SystemSafety] The Intertwining of Safety and Security

Daniel Grivicic grivsta at gmail.com
Sat Nov 12 01:13:56 CET 2016


Hi Paul,

I have worked with hardwired logic systems and, like yourself, after
reading Peter's article thought about how security and safety work
with these types of devices. One claim by a sales person
(in one company where I worked) was that hardwired systems, as
they are not programmed, have significant resistance to cyber attack. I
offered him the following argument:

Typically all drawings (for hardwired logic
systems) are kept in softcopy on a document server as hardcopy
drawings are deemed uncontrolled. Hardwired systems are programmed 'on
paper' through the use of these drawings. One possible vector would
be to progressively alter the drawings after first gaining access to
the document store. I appreciate that this approach is complex and
unlikely; however, it was certainly something that, at the time, our
sales person did not contemplate. A drift into failure (through
manipulation) over a long time is also less likely to be noticed.
Certainly, in engineering where the "feast and famine" approach sees
significant staff turnover, changes to documents may be unnoticed due to
lack of continuous ownership.

The above is based upon my experience in the process industry so other
industries may have thought more about document control.

Perhaps someone has had experience with drawing control and safety system
'drift' and can offer further input?

Cheers,

Daniel.