[SystemSafety] [EC 61508 and cybersecurity

Peter Bishop pgb at adelard.com
Wed Jun 3 11:23:03 CEST 2015


I agree the consequences of "something" can be modelled in the same way
whether random or deliberate.

However:
- The "something"s are a relatively static set in a conventional safety 
analysis (equipment, power failure...), but are an ever-increasing set 
for security (new forms of attack on the same system)

- The likelihood of random somethings is relatively constant, while the 
likelihood of deliberate somethings is both variable and hard to quantify

PB

Peter Bernard Ladkin wrote:
> On 2015-06-01 13:06 , RICQUE Bertrand (SAGEM DEFENSE SECURITE) wrote:
>> Safety is a roughly 2D problem ( probability x consequence), the two dimensions being usually
>> stable along the unique system timescale.
> 
>> Security is a 3D problem with sub dimensions
> 
> The analysis of what the consequences are and how they happen is very similar for both safety and
> security. Something happens to your system that cause it to do what you do not want. That
> "something" can be happenstance, or it can be deliberate. But the consequences are determined
> exactly the same way by the system properties in both cases. For analytical purposes, for security
> incidents you turn some of the possible events into quasi-Booleans (turning happenstance into
> intention) and formally propagate through the Causal Fault Graph.
> 
> PBL
> 
> Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
> Je suis Charlie
> Tel+msg +49 (0)521 880 7319  www.rvs.uni-bielefeld.de
> 
> 
> 
> 
_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE

-- 

Peter Bishop
Chief Scientist
Adelard LLP
Exmouth House, 3-11 Pine Street, London,EC1R 0JH
http://www.adelard.com
Recep:  +44-(0)20-7832 5850
Direct: +44-(0)20-7832 5855


More information about the systemsafety mailing list