Rules and Guidelines
Want to participate in the discussions? Please read our Community Rules and Guidelines. Need some help? Visit Support and Answers.

  • State Helpful Answer
  • Replies 9 replies
  • Subscribers 12 subscribers
  • Views 1244 views
  • Users 0 members are here
Options
You may also be interested in

Survey Invitation - Integrated Safety & Security Causality Modelling & Analysis: Current Challenges & Potential Solutions within the UK’s Critical National Infrastructure

Neil Morley

Dear members, 

You are invited to participate in an online survey that forms part of an MSc research project (Safety Critical Systems Engineering – University of York) titled;

 ‘Integrated Safety & Security Causality Modelling & Analysis: Current Challenges & Potential Solutions within the UK’s Critical National Infrastructure’

 “If it’s not secure, it’s not safe”– this assertion is the foundational principle behind the research project.

 In recent years, a paradigm shift has occurred within the safety engineering discipline as security has been recognised as a fundamental and integral component of safety; security has the potential to protect the safety attributes of a system and compromise the safety attributes of a system, both directly and indirectly.

 The question of whether a system can be considered safe in the absence of security considerations is at the centre of this paradigm shift. Will a safety critical system perform the required safety functions to the required (or claimed) performance level where security has not been considered? Is the causal chain of hazards limited exclusively to accidental failures (e.g. random hardware, systematic and common cause failures)? Is the requirement to consider malicious or negligent actions unnecessary as they cannot cause hazards that have not already been identified or contribute towards those that have? Can this be substantiated in the absence of evidence? What processes and evidence artefacts are necessary to substantiate that the hazard analysis for the system is suitable and sufficient?

 Integrated safety & security causality modelling and analysis is an approach to hazard analysis that takes into consideration both safety and security contributions to system safety.

 The purpose of this survey is to gather the experiences and observations of four principal stakeholder perspectives relating to the subject of 'integrated safety and security causality modelling and analysis' within the UK’s Critical National Infrastructure (CNI).

 The survey consists of twenty logically presented questions that shall take you approximately 15 minutes to complete. Further information regarding the survey can be found within the 'Particpant Information Sheet'.

 Your participation would be very much appreciated as it represents valuable real-world insight into a very significant and emerging field of safety engineering.

 Please feel free to share the invitation to other relevant safety and/or security practitioners working within the UK’s Critical National Infrastructure for their valued participation.

 Thank you for your participation and support.

Follow this link to the Survey: Take Survey

Or copy and paste the URL below into your internet browser: https://york.qualtrics.com/jfe/form/SV_8w8ZhB6xvHrolcW

Parents
  • 0

    Rather depends what you mean by security - computer people tend to mean not vulnerable to attack over the internet, but conventional security also requires a robustness against power cuts, floods, ingress of animals and so forth, as well as bad actors such as thieves  (ever had your neutral nicked ?) and terrorists of the more traditional kind.

    I agree that any truly critical system should have all of these considered to be considered truly secure.

    Mike.

Reply
  • 0

    Rather depends what you mean by security - computer people tend to mean not vulnerable to attack over the internet, but conventional security also requires a robustness against power cuts, floods, ingress of animals and so forth, as well as bad actors such as thieves  (ever had your neutral nicked ?) and terrorists of the more traditional kind.

    I agree that any truly critical system should have all of these considered to be considered truly secure.

    Mike.

Children
  • 0 in reply to mapj1

    Hi Mike! Thanks for your message, very much appreciated. The survey includes questions to investigate participants' individual, organisational and regulatory understanding and application of the term security. You're quite right - to some security may be understood to mean the cyber security of computer based control systems that provide safety critcial functions only; to others it may be considerably more expansive; to others less so. This in part is included within the scope of the research. Have you tried the link yet? ; )

Join us to get the best from IET EngX.

Joining EngX lets you personalise your experience so you stay up to date on the topics that interest you, plus you’ll be able to make connections who are looking to collaborate, exchange ideas and more.

Join us Not now

Community Rules & Guidelines