SCSC - Group: Security Informed Safety
 

Security Informed Safety Working Group

SCSC SSS 2024 Working Group Update

The working group presented this poster at SSS 2024. (If you can't access the poster as a .png file, there's a PDF with lower quality images here.) Stephen Bull recorded a brief summary while at the conference. (This is part of a longer video presenting all the posters.)

Updates given at previous SSS conferences can be found here.

Current Activities

We are in the process of developing our guidance material to make it ready for publication. We are currently working on material for:

  • Task Group 1 (Co-ordination of Safety and Security within the system lifecycle): this will give guidance on how to align the safety and security activities within the project lifecycle so that they inform each other appropriately and support achieving each other's goals. This guidance is in final editorial stages and will be published in Autumn 2024.
  • Task Group 2 (Principles on Evaluation of Risk): this will give guidance on taking security threats into account within safety risk evaluation. This will focus on specific issues identified as "problem areas" in the integration of security and safety analysis. We will start developing detailed guidance in Autumn 2024. The first issue will focus on:
    • Incorporating security considerations into safety analysis
    • Risks emerging during system operation
    • Trade-off between (safety and security) risks

We will restart regular meetings in October 2024. We will meet fortnightly at 1300 on a Wednesday, starting on 23rd October. If you would like to take part, please contact Stephen Bull.

Note: if you would like to be involved but this time is not possible for you, please get in touch to discuss ways you could be involved.

Statement of the Problem

Security of safety-critical systems is becoming more and more of an issue with ever-changing threats, attacker skills and changes to the way software and systems are developed (i.e. greater reliance on COTS and the supply chain). A system can only be deemed safe if it is also secure enough to carry out its safety function; this is true for both new and legacy systems. It is acknowledged that over recent years many standards have been produced or are in production; often these are domain-specific and are evolutions of IT-based standards and good practice rather than considering established safety defence-in-depth design principles such as diversity and redundancy.

Why is the SCSC involved?

Because the SCSC is cross-domain and non-profit-making, it provides an opportunity for experts from different domains and academia to come together to network and share best practice and experience.

What will the Working Group do?

The working group will aim to capture cross-domain best practice to help engineers see the ‘wood for the trees’ among all the different security standards, their implications and their integration with safety design principles, to aid the design and protection of secure safety-critical systems and systems with a safety implication.

The working group will aim to keep current with the fast-changing security threats and new standards being published.

If you would like to join this group and contribute, please contact Stephen Bull.

Vision

To produce clear and current guidance on methods to design and protect safety-critical systems, in a way that reflects emerging best practice. This guidance will reflect the integration of safety and security principles.

Terms of Reference and working group goals are available in the SISWG resource area.

Focus Areas

We have established task groups to provide guidance in specific key areas relating to the impact of Cyber Security on Safety. It is intended that this guidance will be published as SCSC documents, although it will be aligned to the recently published IET Code of Practice on Cyber Security and Safety.

The task groups are looking at:

  1. Co-ordination of Safety and Security within the system lifecycle
  2. Principles on Evaluation of Risk
  3. Mapping terminology and language between safety and security

Initial guidance documents have been prepared and we are in the process of refining them as explained here. We hope to publish our first guidance document in Autumn 2024.

If you would like further information, please contact Stephen Bull.


© SCSC 2024