[SystemSafety] IEC 61508 and cybersecurity

Martyn Thomas martyn at thomas-associates.co.uk
Thu Sep 19 17:29:36 CEST 2019


On 19/09/2019 15:52, Andrew Banks wrote:

> In this, I think ISO 26262 got it right (Note 2), by addressing the interaction between safety and security, and emphasising that (cyber)security must be considered, but going no deeper.

I don't have a copy of 26262 but "security must be considered"
presumably means that it has to be part of the hazard analysis. I assume
that 26262 then requires that the identified security hazards that
affect safety must be mitigated to the extent that the required safety
properties are not compromised.

That seems a satisfactory position for a safety standard but it leaves
developers and assessors searching around for an approved means of
compliance - preferably an international standard. SFAIK there isn't
one. Worse still, if the required safety properties call for a high
degree of assurance, such as a formal proof or other evidence to support
a very low probability of unsafe failure, it would rule out most use of
COTS components (because of the problem of assuring the supply chain,
and many other issues) and most of the development practices used by
most companies.

Or does "security must be considered" have some other meaning that makes
sense and that addresses the critical risk that safety may be
compromised through a cyberattack?

Martyn

