Re: [SystemSafety] [EC 61508 and cybersecurity

From: Peter Bishop < >
Date: Wed, 03 Jun 2015 10:23:03 +0100


I agree the consequences of "something" can be modelled in the same way whether random or deliberate.

However:
- The "something"s are a relatively static set in a conventional safety analysis (equipment, power failure...), but are an ever-increasing set for security (new forms of attack on the same system)

PB

Peter Bernard Ladkin wrote:
> On 2015-06-01 13:06 , RICQUE Bertrand (SAGEM DEFENSE SECURITE) wrote:

>> Safety is a roughly 2D problem ( probability x consequence), the two dimensions being usually
>> stable along the unique system timescale.

>
>> Security is a 3D problem with sub dimensions

>
> The analysis of what the consequences are and how they happen is very similar for both safety and
> security. Something happens to your system that cause it to do what you do not want. That
> "something" can be happenstance, or it can be deliberate. But the consequences are determined
> exactly the same way by the system properties in both cases. For analytical purposes, for security
> incidents you turn some of the possible events into quasi-Booleans (turning happenstance into
> intention) and formally propagate through the Causal Fault Graph.
>
> PBL
>
> Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
> Je suis Charlie
> Tel+msg +49 (0)521 880 7319 www.rvs.uni-bielefeld.de
>
>
>
>


The System Safety Mailing List
systemsafety_at_xxxxxx
-- 

Peter Bishop
Chief Scientist
Adelard LLP
Exmouth House, 3-11 Pine Street, London,EC1R 0JH
http://www.adelard.com
Recep:  +44-(0)20-7832 5850
Direct: +44-(0)20-7832 5855
_______________________________________________
The System Safety Mailing List
systemsafety_at_xxxxxx
Received on Wed Jun 03 2015 - 11:23:21 CEST

This archive was generated by hypermail 2.3.0 : Thu Apr 25 2019 - 03:17:07 CEST