[SystemSafety] Safety and effective or not cybersecurity countermeasures

Peter Bishop pgb at adelard.com
Thu Jun 6 17:22:28 CEST 2019


On 06/06/2019 10:28, Peter Bernard Ladkin wrote:
> For some of your colleagues in WG20, the intended meaning is exactly what is written. They believe
> that safety evaluations and measures and cybersecurity evaluations and measures have - and should
> continue to have - nothing to do with each other. (They advocate this, despite the clear indications
> in the IEC TR 63069 explanation of threat-risk assessment <security> that they are inevitably
> intertwined.)

I have run across this myself.

In most cases I see, safety and security assessments are performed
separately.

- to the point where safety assessor cannot even see the security
recommendations!
  (need to know and all that)

This can be an issue if security and safety recommendations conflict
(and this does occur)

So at a minimum there needs to be coordination / review between safety
and security assessments to decide what takes priority.

Peter Bishop

-- 
Peter Bishop
Chief Scientist
Adelard LLP
24 Waterside, 44-48 Wharf Rd, London N1 7UX
http://www.adelard.com
Recep:  +44-(0)20-7832 5850
Direct: +44-(0)20-7832 5855

Registered office: 5th Floor, Ashford Commercial Quarter, 1 Dover Place,
Ashford, Kent TN23 1FB
Registered in England & Wales no. OC 304551. VAT no. 454 489808

This e-mail, and any attachments, is confidential and for the use of
the addressee only. If you are not the intended recipient, please
telephone 020 7832 5850. We do not accept legal responsibility for
this e-mail or any viruses.



More information about the systemsafety mailing list