[SystemSafety] Safety and Cybersecurity: A Dispute
Peter Bernard Ladkin
ladkin at causalis.com
Mon Dec 19 09:19:46 CET 2016
I recently mentioned that I published a couple of blog posts on how cyberattacks can affect the
safety properties of systems, even when the safety functions are themselves not compromised by the
attack. Here are the links again
https://abnormaldistribution.org/index.php/2016/11/07/an-observation-on-the-intertwining-of-safety-and-security/
https://abnormaldistribution.org/index.php/2016/11/11/iacs-safety-and-security-intertwined-a-realistic-example/
The German electrotechnical standardisation organisation has just produced formal guidance (called
an "application rule") on safety and security for IACS, in which it says that cybersecurity measures
to protect safety functions and cybersecurity measures to protect operational functionality should
be distinguished: that protection of safety functions is paramount even if operational functionality
is compromised, but that protection of operational functionality may not compromise safety
functionality.
You may think that is all obvious. But it turns out to be controversial. For example, see the
comment by the German engineer Holger Laible here:
http://conference.vde.com/fs/2017/Seiten/Expertenmeinungen.aspx
My translation follows. Notice
particularly his first sentence: Herr Laible thinks that considering cybersecurity as part of safety
will be counterproductive!
[begin quote]
The current increasing trend to consider cybersecurity as a part of safety, and to exhibit analogies
and connections between the two fields, will be counterproductive in the long term. Safety is
founded upon an intact [system] environment (including cybersecurity), so that valid physical
methods and concepts can be applied. In contrast, cyberattacks are neither calculable nor
predictable. Security experts ensure appropriately that the environment remains intact. Safety
experts contribute to the understanding about cybersecurity in the [system] environment.
[end quote]
Herr Laible is a member of the IEC working group devising general guidance on safety and security
for IACS, IEC TC 65 WG 20: http://www.iec.ch/dyn/www/f?p=103:14:15470500619412 (So is Bertrand
Ricque, who is on this list. I don't think anyone else from TC 65 WG 20 is on the list.)
I am on the software part of the IEC Maintenance Team for IEC 61508 (as is Bertrand). The MT
recently met in Vienna, and is considering modifications to IEC 61508 Part 3 to address
cybersecurity. I sent them the attached note (the version I attach is lightly modified).
Apparently this note caused some (anonymous) concern in DKE circles (such concern is often
anonymous). My comment wasn't just a report on activities concerning safety and cybersecurity; it
included (gasp!) some of my technical opinions! Which opinions weren't necessarily shared by all
members of the German National Committee.
(I note that under IEC rules I am required to bring my engineering opinions to bear in discussions;
I do not represent any organisation other than myself in MT discussions.)
So what do people here think? I have examples (e.g., my blog posts) to demonstrate that
cybersecurity issues have to be considered essentially when devising safety requirements. The DKE
formal guidance says that cybersecurity measures concerning safety functions and those concerning
operational functionality have to be treated differently. And there is a lobby which says that this
is "counterproductive". Can safety and cybersecurity for IACS effectively be separated, or are they
inevitably intertwined?
PBL
Prof. Peter Bernard Ladkin, Bielefeld, Germany
MoreInCommon
Je suis Charlie
Tel+msg +49 (0)521 880 7319 www.rvs-bi.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PBLCommentsToMT20161122.pdf
Type: application/pdf
Size: 58984 bytes
Desc: not available
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20161219/82833266/attachment-0001.pdf>