Re: [SystemSafety] [EC 61508 and cybersecurity

From: Martyn Thomas < >
Date: Mon, 01 Jun 2015 12:12:59 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 01/06/2015 11:03, Peter Bernard Ladkin wrote:
> ...
>
> IEC 62443 only concerns security in the process industries. At a
recent meeting of the German NC
> on E/E/PE functional safety, a representative from the NC concerned
with IEC 62443 said that
> everything necessary from ISO 27000 had been taken into account and
IEC 62443 was a successful
> enterprise. Having recently suffered through some heinously boring
presentations, involving
> subdivision and classification and boxes and arrows as far as the eye
could see, I .... um .....
> reserve judgement.

I have found a lengthy presentation of 62443 on the internet. It seems to be a mix of 27001 and architectural partitioning into "zones" separated by firewalls. The presentation said "be very careful designing and implementing the firewalls".

Little engineering and nothing useful on assurance.

I can't see how I could use it to provide adequate confidence that I had controlled the security threats to a safety-critical system adequately.

>
> You can only find out about results of the IEC Working Group by being
in it, as far as I can tell.
> I've tried to find out and get two sentences in reply. They are a
different two sentences for each
> colleague I ask. I don't "AND" the replies.
A sensible engineering standardisation process would start with an public discussion between experts about the scope of the standard and the criteria for judging a good outcome. Once these were agreed, the development of the standard would also be public and interactive.

The current processes seem to have nothing to recommend them.

Martyn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQEcBAEBCgAGBQJVbD47AAoJEAev1z3Tv8QLoo8H/3RoraPCzVSt6MPh9hroVKj1 j4vKhCuBZqqRYVcOum62FpcHSCC+bAg3efurMR97Sp6NRqnbOaoZ4m5NssyMBbec +g7HS5c66tUQ6zDoxERj2hGesXVYbkCOQn9A6a4EtolO2O21XmHu/U0T0+64Xfax h1LhEXPgOCUu9iAsBKUY86ifZ+MdhGeuqSuYAPyE/0a95/oy3jZEbdehU2LWyKF6 VDMKfTFifnxHauCu6+J2WHcmPLVwYRxxjSzUcYVAmU3pQiDImioPtj82abTq/om9 EjQ67fSSU6xl5LJCjyr+/DUwI3QsUv1wxzXT4o1kOdWJKzmjND5kyi/PuBAu/88= =EFZo
-----END PGP SIGNATURE-----



The System Safety Mailing List
systemsafety_at_xxxxxx Received on Mon Jun 01 2015 - 13:13:14 CEST

This archive was generated by hypermail 2.3.0 : Fri Feb 22 2019 - 15:17:07 CET