Security Informed Safety Working Group
We do not have a date for the next meeting at the moment. Our next meeting will be held after we have had a chance to complete some of the outstanding actions.
Statement of the Problem
Security of safety-critical systems is becoming more and more of an issue, with ever-changing threats, attacker skills and changes to the way software and systems are developed (i.e. greater reliance on COTS and the supply chain). A system can only be deemed safe if it is also secure, so that it can carry out its safety function; this is true for both new and legacy systems. It is acknowledged that many standards have been produced in recent years or are in production; these are often domain-specific and are evolutions of IT-based standards and good practice, rather than considering established safety defence-in-depth design principles such as diversity and redundancy.
Why is the SCSC involved?
Because the SCSC is cross-domain and non-profit-making, it provides an opportunity for experts from different domains and academia to come together to network and share best practice and experience.
What will the Working Group do?
The working group will aim to capture cross-domain best practice to help engineers find the ‘wood through the trees’ among all the different security standards, their implications and their integration with safety design principles, to aid the design and protection of secure safety-critical systems and systems with a safety implication.
The working group will aim to keep current with fast-changing security threats and new standards being published.
The working group will aim to produce clear and current guidance on methods to design and protect safety-critical systems, in a way that reflects emerging best practice. This guidance will reflect the integration of safety and security principles.
Terms of Reference and working group goals are currently being agreed by the working group.
SCSC 06-03-2018 [V4e]