[SystemSafety] IEC 61508 and cybersecurity

David Ward david.ward at horiba-mira.com
Thu Sep 19 17:52:06 CEST 2019


ISO 26262 requires (interestingly, as part of the requirements for a safety culture) that effective communication channels with related disciplines are considered (of which cybersecurity is given as an example). There is an informative annex that describes potential interface points between functional safety and cybersecurity (written from the perspective of a safety practitioner) which (at a high level) covers the four broad phases of ISO 26262 (safety management, concept phase, development phase, post SOP phase).

There is also mention of alignment of development processes to consider safety and security in the software part of the standard.

SAE J3061 has some detailed examples of interactions between a functional safety and cybersecurity process. So far the equivalent information has not made it into the draft of ISO/SAE 21434.

Best regards

David Ward

-----Original Message-----
From: systemsafety <systemsafety-bounces at lists.techfak.uni-bielefeld.de> On Behalf Of Martyn Thomas
Sent: 19 September 2019 16:30
To: systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] IEC 61508 and cybersecurity

On 19/09/2019 15:52, Andrew Banks wrote:

> In this, I think ISO 26262 got it right (Note 2), by addressing the interaction between safety and security, and emphasising that (cyber)security must be considered, but going no deeper.

I don't have a copy of 26262 but "security must be considered" presumably means that it has to be part of the hazard analysis. I assume that 26262 then requires that the identified security hazards that affect safety must be mitigated to the extent that the required safety properties are not compromised.

That seems a satisfactory position for a safety standard but it leaves developers and assessors searching around for an approved means of compliance - preferably an international standard. SFAIK there isn't one. Worse still, if the required safety properties call for a high degree of assurance, such as a formal proof or other evidence to support a very low probability of unsafe failure, it would rule out most use of COTS components (because of the problem of assuring the supply chain, and many other issues) and most of the development practices used by most companies.

Or does "security must be considered" have some other meaning that makes sense and that addresses the critical risk that safety may be compromised through a cyberattack?

Martyn


