1. In 2019, Andrew Odlyzko published a paper in ACM Ubiquity in which he argued that cybersecurity was not as big a deal as some prognosticators had claimed http://www.dtc.umn.edu/~odlyzko/doc/cyberinsecurity.pdf There are a number of insights, as well as some questionable arguments…. Read moreAndrew Odlyzko on Cybersecurity not Being a Big Deal
IEC 61508, the the international standard for functional safety of systems involving E/E/PE subsystems (which nowadays means mostly every engineered system), is being revised, or “maintained” in the IEC jargon. It started, for the SW part, in November 2014 and… Read moreSystem Safety, Cybersecurity, the “Scope” of IEC 61508 and Broken Standards
Readers may know that for quite some time I have been working on topics in requirements engineering, in particular for safety requirements. They may recall previous posts here at https://abnormaldistribution.org/index.php/2010/11/09/formal-definition-of-the-notion-of-safety-requirement/ and https://abnormaldistribution.org/index.php/2010/11/09/the-parable-of-the-exploding-apples/ as well as the terminology engineering in OPRA at https://rvs-bi.de/publications/books/RVS-Bk-17-02/Ch03-OPRA.pdf and the derivation of… Read morePasswords and Requirements Engineering
In the last little while I have repeatedly encountered people in safety&security standardisation circles who are trying to equate IEC 61508 SILs (Safety Integrity Levels) with IEC 62443 SLs (Security Levels). I saw another instance yesterday, in a paper written… Read more“Security Risk” and Probability
Matthew Green’s blog post on the KRACK vulnerability, entitled “Falling through the KRACKs”, makes two points which have come up on the System Safety mailing list frequently. One is that the IEEE standards business model makes it difficult for researchers to access… Read moreYet Another KRACK
IEC 61508:2010 is the latest edition of the general functional safety standard for E/E/PE systems. IEC 61511:2016 is the latest edition of the functional safety standard for E/E/PE systems in IACS. Last Thursday I gave a short talk (twice) to… Read moreSafety and Cybersecurity. Again.
Restarting a nuclear reactor is a complex and sensitive process. The process is essentially controlled through the neutron density at any point. The density is governed by processes which are fundamentally exponential in time, and is controlled by damping the… Read moreIACS Safety and Security Intertwined; A Realistic Example
[Ingo Rolle is the Secretary of the German National Committee responsible for matters concerning IEC 61508 as well as the German National Committee responsible for matters concerning IEC 62443. This is an invited essay. PBL] IEC 61508:2010 is the international… Read moreSILs, the Safety-Related System Lifecycle and Security Level (Ingo Rolle)
There is a considerable challenge in raising the awareness of engineering-plant personnel about the criticality of the computer systems they might be using. We addressed some electricity blackouts at the Safety-Critical Systems Symposium 2016. In the 2003 North American blackout,… Read morePower Plants and Cyberawareness
There are a few different notions of risk used in dependability engineering. One notion, used in finance and in engineering safety, is from De Moivre (1712, De Mensura Sortis in the Proceedings of the Royal Society) and is (A) the… Read moreRisk
