© 2017 created by Australian Safety Critical Systems Association.

This site was last updated on 30/7/2019.

TUTORIALS -2018

Bruce Hunter  Applying cybersecurity to protect functional safety

 

Abstract

IEC 61508 Ed2:2010 makes reference to security risk analysis as part of hazard and risk analysis and recommends IEC 62443 for guidance on this.  Much has changed since the publication of these standards including an explosion of cyber-threats to critical infrastructure and a plethora of other security material. Regulatory authorities are now demanding cybersecurity as well as safety assurance.

This tutorial gives guidance to safety practitioners on protecting safety systems and the key aspects of cybersecurity application including:

  • Cybersecurity fundamentals

  • Examination of current threat landscape

  • Survey of applicable standards and frameworks

  • Holistic safety and security risk analysis

  • Lifecycle activities and documentation

  • Vulnerability handling

  • Defence-in-depth architecture

  • Supply chain issues

  • Security awareness and cooperative approaches

  • Cooperative cybersecurity event handling

 

Worked examples of control systems cyber-attacks and protection strategies will be included.

RGB Assurance

Modelling safety risk when multiple organisations are involved

 

In some hazardous industries there are multiple organisations involved and safety risks can arise in one organisation in such a way that the risk can impact other involved organisations. We faced this challenge in our work on the Australian Rail Risk Model (ARRM) for the Rail Industry Safety and Standards Board (RISSB) in Australia. ARRM models safety risk for the Australian rail industry, where there are many Rail Transport Operators (RTOs), and where each RTO performs the role of Rail Infrastructure Manager (RIM), Rolling Stock Operator (RSO) or both. An example from ARRM is that RIMs are responsible for maintaining track and if track is damaged, e.g. becomes buckled, then this could potentially derail an RSO’s train and harm crew and/or passengers on board. In this case, we need to include this risk in the risk profiles for both the RIM and the RSO.

 

The approach to modelling how risk arising in one RTO impacts other RTOs was a key challenge for ARRM. Other industries where the same challenge would apply include aviation, where there are different organisations that perform air traffic control, management of airports and operate aircraft, and these organisations interact with each other in such a way that risk arising in one organisation can impact the other organisations. For example, a fire inside an airport, or an error in air traffic control can affect an aircraft operator’s passengers. 

 

In this tutorial we will describe this challenge in detail, drawing on examples from ARRM, and explain how we addressed the challenge in ARRM. Our approach involved:

  • developing an ontology that defines the characteristics of the industry, the organisations involved in the industry and how they interact with each other (including utilisation of infrastructure); 

  • developing a common risk model for the industry;

  • decorating events in the risk model with information on which organisation (or kind of organisation) each event is applicable to;

  • developing quantitative estimates of the frequency or probability of basic events in the model and estimates of the degree of harm arising from each accident, using data available from each organisation or data/information available for the industry as a whole (depending on what was available); and

  • use of a special-purpose-language to define event and harm estimates such that the estimates can be evaluated for each organisation.

 

We will show how the approach can provide a risk profile for the industry as a whole and separate risk profiles for each organisation in each of its roles. We will illustrate the approach with examples from ARRM and discuss how the approach could be applied in other industries.