Re: [SystemSafety] [EC 61508 and cybersecurity

From: Christopher Johnson < >
Date: Mon, 1 Jun 2015 11:02:15 +0000


I agree with much that Chris says but the problem is that the high level standards bodies often have little practical day to day experience at the interface between security and safety – indeed most industries are just waking up to the possibilities with ISIL in control of several refineries and ATM towers (plus associated engineers).

The engineering details often throw up a host of tensions – as a trivial case that Drew mentioned this morning – if you take incident reporting as a monitoring mechanism from most Safety Management Systems and transfer it into a Security Management System you have to totally change your mindset – from one where it is critical to disseminate recommendations as widely as possible (safety) to one in which simply knowing that an incident has occurred can be a strong indication of complicity (security). I worked on a recent incident where the systems admin team were all treated as suspects because they identified the intrusion -

This is one example but there are many more.

C

From: Chris Hills <safetyyork_at_xxxxxx Organization: Phaedrus Systems Ltd
Date: Monday, 1 June 2015 11:49
Subject: Re: [SystemSafety] [EC 61508 and cybersecurity

I have always though that safety and security are two sides of the same coin. Often it is just a difference of emphasis or wording but the requirements are very similar if not the same. The trouble is “cyber security” is the new buzzword so we need a standard for it….. Surely it is better build on 61508 for something that is both safe and secure?

Or do you want something that is secure but unsafe? :)

Regards

   Chris

Phaedrus Systems Ltd Tel: FREEphone 0808 1800 358 96 Brambling B77 5PG Vat GB860621831 Co Reg #04120771 Http://www.phaedsys.com<http://www.phaedsys.com/> chills_at_xxxxxx

Sent: 01 June 2015 10:09
To: systemsafety_at_xxxxxx Subject: Re: [SystemSafety] [EC 61508 and cybersecurity

Where can I find details of the content of IEC 62443, and of the IEC workgroup?

Martyn

On 01/06/2015 09:42, RICQUE Bertrand (SAGEM DEFENSE SECURITE) wrote: There is currently an IEC workgroup on what to do with IEC 61508 and cybersecurity (IEC 62443). The topic is thus not ignored.



The System Safety Mailing List
systemsafety_at_xxxxxx Received on Mon Jun 01 2015 - 13:02:26 CEST

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:07 CEST