[SystemSafety] Does "reliable" mean "safe" and or "secure" or neither? [No Classification]

Barnes, Robert A (NNPPI) Robert.Barnes2 at rolls-royce.com
Thu Apr 21 17:29:42 CEST 2016


This message has been marked as No Classification by Barnes, Robert A (NNPPI)


Is it really appropriate to deal with safety and security as disparate, alien issues that have irreconcilable differences?  It is my belief that, in any system important to safety they are intertwined and cannot be dealt with separately.  If I have a safety function, then I will want a degree of confidence that my safety function works, and part of that confidence will be related to how difficult it is for the wicked or curious to interfere with the safety-integrity of that function.

A flaw that I see in safety cases at the moment is an assumption that principals interacting with a safety system, internal and external to an organisation, will do so with positive intent.  Hidden in this assumption is a security requirement, but it is very rarely expressed as such.  Instead, safety is a continuing source of constraints rather than functional security requirements!  Can we realistically argue that a system is safe if it is not protected against interference?

So does 'reliable' mean 'safe', 'secure' or 'neither'?  I'd argue that it's neither, as something can be reliable and unsafe, or reliable and insecure, but cannot be safe and insecure.

Robert Barnes
Future EC&I Information Assurance Lead
Rolls-Royce plc, PO Box 2000, Derby DE21 7XX
 
Tel: +44(0)1332 622834 (internal: 52834)
Email: robert.barnes2 at rolls-royce.com
Mail code: RAY-W1.11



Animo concipere non possum quo palto hoc pervease exeat.




-----Original Message-----
From: systemsafety [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Peter Bishop
Sent: 21 April 2016 08:35
To: systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] Does "reliable" mean "safe" and or "secure" or neither?

On 20/04/2016 17:30, Peter Bernard Ladkin wrote:

> 
> A key technical point comes out of this, which we will address at the 
> German standards authority on May 4, along with German colleagues 
> active in ICS safety+security and NPP safety+security within the IEC.
> And that is that the requirements for updating safety-critical 
> software conflict with the usual update cycle for security and nobody
> - nobody - I have talked to knows how to solve that problem. Roger is 
> very aware of it. The recent IEC offerings on safety+security gloss 
> over it. We've gotta solve it somehow. (For Bertrand, I mentioned this 
> also to Gilles Deleuze. I know now that the French, the Brits and the 
> Germans are all interested in a solution. Of course, being interested 
> in one and getting one are two different things.)
> 
> PBL

I agree this clash between safety and security is a significant problem in the systems I have looked at.

For safety you don't want to change your approved/accepted system unless you really have to. For security you have to update all the time to deal with new attacks / vulnerabilities.

PB

-- 

Peter Bishop
Chief Scientist
Adelard LLP
Exmouth House, 3-11 Pine Street, London, EC1R 0JH http://www.adelard.com
Recep:  +44-(0)20-7832 5850
Direct: +44-(0)20-7832 5855

_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE



