Security Informed Safety Working Group
Latest News
The working group presented this poster at SSS 2025.
Just after the conference, we released our guidance on Co-Assurance of Safety and Security. This gives guidance on how to align the safety and security activities within the project lifecycle so that they inform each other appropriately and support achieving each other's goals. Please use this guidance yourself, and let other people know about it. Please tell us what you think and how it can be improved.
We are actively working on guidance on evaluation of risk at the intersection between safety and security.
Current Activities
We are developing guidance on taking security into account when evaluating safety risk. This will focus on specific issues identified as "problem areas" in the integration of security and safety analysis. We are currently considering:
- Incorporating security considerations into safety analysis
- Risks emerging during system operation
- Trade-off between (safety and security) risks
We meet fortnightly at 1300 on a Monday. If you would like to take part, please contact Stephen Bull. If you would like to be involved but this time is not possible for you, please get in touch to discuss ways you could be involved.
Note: we are not meeting over the summer: our next meeting is 8th September 2025.
Statement of the Problem
Security of safety-critical systems is becoming more and more of an issue with ever-changing threats, attacker skills and changes to the way software and systems are developed (i.e. greater reliance on COTS and supply chain). A system can only be deemed safe if it is also secure enough to carry out its safety function; this is true for both new and legacy systems. It is acknowledged that many standards have been produced in recent years or are in production; often these are domain-specific and are evolutions of IT-based standards and good practice, rather than building on established safety defence-in-depth design principles such as diversity and redundancy.
Why is the SCSC involved?
Because the SCSC is cross-domain and non-profit-making, it provides an opportunity for experts from different domains and academia to come together to network and share best practice and experience.
What will the Working Group do?
The working group will aim to capture cross-domain best practice to help engineers see the ‘wood for the trees’ among all the different security standards, their implications and their integration with safety design principles, to aid the design and protection of secure safety-critical systems and systems with a safety implication.
The working group will aim to keep current with fast-changing security threats and new standards being published.
If you would like to join this group and contribute, please contact Stephen Bull.
Vision
To produce clear and current guidance on methods to design and protect safety-critical systems, in a way that reflects emerging best practice. This guidance will reflect the integration of safety and security principles.
We have defined Terms of Reference and working group goals; please contact Stephen Bull to find out more.
Focus Areas
We have identified three specific key areas relating to the impact of Cyber Security on Safety, listed below, and we are working on guidance in these areas. This guidance will be published as SCSC documents, although it will be aligned to the recently published IET Code of Practice on Cyber Security and Safety.
These areas are:
- Co-ordination of Safety and Security within the system lifecycle (RECENTLY PUBLISHED)
- Principles on Evaluation of Risk (ACTIVE DEVELOPMENT)
- Mapping terminology and language between safety and security (ON HOLD)
If you would like further information, please contact Stephen Bull.

 
	 
	 
	