[SystemSafety] IEC 61508 and cybersecurity

Olwen Morgan olwen at phaedsys.com
Thu Sep 19 21:42:48 CEST 2019


On 19/09/2019 15:52, Andrew Banks wrote:
> -<snip>-
> Anyone (Note 1) can join their National Body mirror panel.  The National Body members get to comment and vote at DIS and FDIS.
On the other hand, some of us have come to the conclusion that 
standardisation has become so dysfunctional that it entails fewer risks 
to one's mental health if one simply avoids standards committees. This 
was one of the major reasons why I dropped out of MISRA C participation 
in 2002. And, believe me, this list is no place for me to articulate my 
underwhelmed view of the current state of that standard, which IMO has 
progressed depressingly little from what I effectively handed to MISRA 
on a plate in 1997/8 and subsequently recommended in 2002.
>
>
> But to the nub of the article... I can understand IEC 61508 not wishing to become yet another security standard... there are plenty to choose from already.  In this, I think ISO 26262 got it right (Note 2), by addressing the interaction between safety and security, and emphasising that (cyber)security must be considered, but going no deeper.
>
> Notes:
> 1: subject to a little vetting - but I have never heard of a viable person being refused...
> 2: declaration - I was involved with 26262 but that was someone else's work; I just happen to agree with it
>
>
> -<snip>-

The schism between the safety and security cultures drives me round the 
bend. If safety is (usually) concerned with hazardous events happening 
by accident, then at least part of security is concerned with such 
events happening by malicious intention. They are different sides of the 
same coin. Why we have the schism is therefore beyond me. A two-axis 
classification of accidental/deliberate vs. hazardous/compromising would 
make much more sense IMO.

And it's not as if it actually makes much difference at the programming 
level, because, for both safety and security, it is necessary (though 
not sufficient) that all undefined usage be avoided. Indeed, much of the 
material in the vulnerability classifications that one can find floating 
around in cyberspace reduces to no more than that.

As some on this list know, I dropped out of vulnerabilities standards 
work because I felt it was taking a fundamentally misconceived approach 
- especially in the surreal circumstances in which CSA asked if they 
could submit one of my documents as a Canadian national contribution 
when a (IMO less than entirely stellar) BSI panel were apparently 
non-plussed at the idea of its being a UK contribution - and AFAI am 
aware, though produced in 2008, it's still technically well ahead of 
anything else that WG23 has produced.

Some recidivist cynics have said that one way of judging the BSI 
Vulnerabilities Panel is by looking at who decided NOT to participate in 
it ... no names, no pack drill ... ;-)


Honestly, it isn't sour grapes. I've just reached the stage where it 
amuses me to extract the micturition of the myopic ...

Olwen
