[SystemSafety] Does "reliable" mean "safe" and or "secure" or neither?
Peter Bishop
pgb at adelard.com
Thu Apr 21 09:35:12 CEST 2016
On 20/04/2016 17:30, Peter Bernard Ladkin wrote:
>
> A key technical point comes out of this, which we will address at the
> German standards authority on May 4, along with German colleagues
> active in ICS safety+security and NPP safety+security within the IEC.
> And that is that the requirements for updating safety-critical
> software conflict with the usual update cycle for security and nobody
> - nobody - I have talked to knows how to solve that problem. Roger is
> very aware of it. The recent IEC offerings on safety+security gloss
> over it. We've gotta solve it somehow. (For Bertrand, I mentioned
> this also to Gilles Deleuze. I know now that the French, the Brits
> and the Germans are all interested in a solution. Of course, being
> interested in one and getting one are two different things.)
>
> PBL
I agree this clash between safety and security is a significant problem
in the systems I have looked at.
For safety you don't want to changed your approved/accepted system
unless you really have to. For security you have to update all the time
to deal with new attacks / vulnerabilities.
PB
--
Peter Bishop
Chief Scientist
Adelard LLP
Exmouth House, 3-11 Pine Street, London,EC1R 0JH
http://www.adelard.com
Recep: +44-(0)20-7832 5850
Direct: +44-(0)20-7832 5855
Registered office: Stourside Place, Station Road, Ashford, Kent TN12 1PP
Registered in England & Wales no. OC 304551. VAT no. 454 489808
This e-mail, and any attachments, is confidential and for the use of
the addressee only. If you are not the intended recipient, please
telephone 020 7832 5850. We do not accept legal responsibility for
this e-mail or any viruses.
More information about the systemsafety
mailing list