[SystemSafety] The Intertwining of Safety and Security

paul_e.bennett at topmail.co.uk
Sat Nov 12 03:10:44 CET 2016


On 12/11/2016 at 12:14 AM, "Daniel Grivicic" wrote:

Hi Paul,
I have worked with hardwired logic systems and like yourself after
reading Peter's article thought about how security and safety work
with these types of devices. One claim by a sales person (in one
company where I worked) was that  hardwired systems, as they are not
programmed, have significant resistance to cyber attack. I offered him
the following argument:
Typically all drawings (for hardwired logic systems) are kept in
softcopy on a document server as hardcopy drawings are deemed
uncontrolled. Hardwired systems are programmed 'on paper' through
the use of these drawings. One possible vector would be to
progressively alter the drawings after first gaining access to the
document store. I appreciate that this approach is complex and
unlikely however it was certainly something that, at the time, our
sales person did not contemplate. A drift into failure (through
manipulation) over a long time is also less likely to be noticed.
Certainly, in engineering, where the "feast and famine" approach sees
significant staff turnover, changes to documents may go unnoticed due
to lack of continuous ownership.
The above is based upon my experience in the process industry so other
industries may have thought more about document control.
Perhaps someone has had experience with drawing control and safety
system 'drift' and can offer further input?

Hi Daniel,

It is an area I have given quite a bit of thought to over the years 
and where I have had some experience of utilising some really 
good manual processes earlier in my career.

In a few companies where I have worked, we had a team of 
people who dealt with the official control of document storage, 
version control and issuing of the official documentation to a 
prescribed list of recipients. These people worked in Document
Registry and the head of the department was the Document
Registrar.

Of course, that was in the days of manually applied version 
control and document management. These days with electronic 
version control and configuration management I wonder if the 
position of Document Registrar continues to exist in any of the 
larger organisations.

I have described a triple repository scheme (see Safety Systems 
newsletter of the SCSC Volume 25 Number 3, May 2016) which,
with the level of review stages incorporated for each component
may accomplish the potential to remain sufficiently secure during
continued development, especially if write access to the final 
repository is under very strict control (I would welcome comments
on the idea).

Even when documents get printed for the assembly workforce to
use while they build the equipment, there are methods available to 
ensure they are working to the correctly issued documents. If they
are only permitted to use the officially issued documents (which 
have some additional marking when only officially printed) then it
can become a very simple check.

If you have a high integrity project to undertake the development 
for, you will need to develop two systems. The first will be the 
development process by which the actual system is developed. 
The second will be the system the client requested. Both will 
need to be fully risk assessed, validated and verified before they
are trusted.

Regards
Paul E. Bennett IEng MIET
Systems Engineer
-- 
********************************************************************
Paul E. Bennett IEng MIET.....
Forth based HIDECS Consultancy.............
Mob: +44 (0)7811-639972
Tel: +44 (0)1392-426688
Going Forth Safely ..... EBA. www.electric-boat-association.org.uk..
********************************************************************
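The two checks discussed in this exchange, detecting quiet "drift" in the drawings held on the document server and confirming that a printed copy on the shop floor is an officially issued one, both reduce to integrity bookkeeping kept outside the store itself. The following is an added example and is not the triple-repository scheme from the SCSC newsletter article nor code from either correspondent. It assumes a registrar key known only to Document Registry, SHA-256 of the released content as the record of each version, and an HMAC over the issue details as the "additional marking" on an official copy; the drawing contents and identifiers are constructed for the example.

```python
"""Controlled-document registry (added example, not the article's scheme).

Assumptions: a registrar key held only by Document Registry, SHA-256 as the
record of each released version, HMAC-SHA-256 as the issue marking.
Drawings and identifiers below are constructed sample data."""
import hashlib
import hmac
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class DocumentRegistry:
    """Official record of every released version of each drawing.

    The registry, not the document store, is the authority on what is
    'correctly issued'; write access to it is the part to control strictly."""

    def __init__(self, registrar_key: bytes):
        self._key = registrar_key  # assumption: known only to Document Registry
        self._releases: dict[str, list[dict]] = {}
        self._issue_no = 0

    def release(self, doc_id: str, content: bytes) -> int:
        """Record a new released version; returns its version number."""
        versions = self._releases.setdefault(doc_id, [])
        versions.append({"version": len(versions) + 1, "sha256": sha256_hex(content)})
        return len(versions)

    def current(self, doc_id: str) -> dict:
        return self._releases[doc_id][-1]

    def _stamp(self, fields: dict) -> str:
        msg = json.dumps(fields, sort_keys=True).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, doc_id: str, content: bytes, recipient: str) -> dict:
        """Issue an official copy; refuses content that is not the current release."""
        rec = self.current(doc_id)
        if sha256_hex(content) != rec["sha256"]:
            raise ValueError(f"{doc_id}: content is not released version {rec['version']}")
        self._issue_no += 1
        fields = {"doc_id": doc_id, "version": rec["version"], "sha256": rec["sha256"],
                  "recipient": recipient, "issue_no": self._issue_no}
        return {**fields, "content": content.decode(), "stamp": self._stamp(fields)}

    def verify_copy(self, copy: dict) -> bool:
        """Shop-floor check: genuine stamp, unaltered content, not superseded."""
        fields = {k: copy[k] for k in ("doc_id", "version", "sha256", "recipient", "issue_no")}
        if not hmac.compare_digest(self._stamp(fields), copy["stamp"]):
            return False
        if sha256_hex(copy["content"].encode()) != copy["sha256"]:
            return False
        return self.current(copy["doc_id"])["sha256"] == copy["sha256"]

    def audit_store(self, store: dict[str, bytes]) -> list[str]:
        """Return ids of stored drawings that no longer match their release record."""
        return sorted(d for d, c in store.items()
                      if d not in self._releases or sha256_hex(c) != self.current(d)["sha256"])


def demo() -> dict:
    # Constructed stand-ins for two hardwired-logic drawings on the document server.
    store = {
        "DWG-101": b"K1: ESD pushbutton NC contact -> trip relay coil",
        "DWG-102": b"K2: high-level switch NC contact -> inlet valve solenoid",
    }
    reg = DocumentRegistry(b"registrar-secret")  # assumption: held by Document Registry only
    for doc_id, content in store.items():
        reg.release(doc_id, content)
    copy = reg.issue("DWG-101", store["DWG-101"], "assembly bay 3")
    ok_before = reg.verify_copy(copy)

    # Someone with write access to the store quietly changes one contact type.
    store["DWG-101"] = store["DWG-101"].replace(b"NC contact", b"NO contact")
    drifted = reg.audit_store(store)

    # A copy printed from the tampered store still carries the old stamp but fails.
    forged = dict(copy, content=store["DWG-101"].decode())
    return {"ok_before": ok_before, "drifted": drifted, "forged_ok": reg.verify_copy(forged)}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the official copy verifying before the change, the audit naming DWG-101 as drifted, and the copy printed from the altered drawing being rejected even though its stamp is genuine. The audit only works because the release hashes live where the store's writers cannot reach them; run it on a schedule rather than relying on staff noticing a change by eye.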