Some computer security experts put the majority of extant vulnerabilities down to poor code quality; for example, Martyn Thomas in his keynote at the 2016 IET System Safety and Computer Security conference in London. This was evidently the case in the late 1990’s, when some 80% of the newly-formed US CERT’s publicly-announced Internet-transmitted vulnerabilities were…
In the last little while I have repeatedly encountered people in safety&security standardisation circles who are trying to equate IEC 61508 SILs (Safety Integrity Levels) with IEC 62443 SLs (Security Levels). I saw another instance yesterday, in a paper written for AMAA 2015 by someone actively involved in international safety+security standardisation. A SIL is a pure reliability…
Matthew Green’s blog post on the KRACK vulnerability, entitled “Falling through the KRACKs”, makes two points which have come up on the System Safety mailing list frequently. One is that the IEEE standards business model makes it difficult for researchers to access standards, namely they want you to pay lots of money for them. We have had…
IEC 61508:2010 is the latest edition of the general functional safety standard for E/E/PE systems. IEC 61511:2016 is the latest edition of the functional safety standard for E/E/PE systems in IACS. Last Thursday I gave a short talk (twice) to the German electrotechnical standardisation organisation DKE’s annual one-day get-together event, now called the Innovation Campus…
Restarting a nuclear reactor is a complex and sensitive process. The process is essentially controlled through the neutron density at any point. The density is governed by processes which are fundamentally exponential in time, and is controlled by damping the exponent in various ways. It is physically possible for the process to become uncontrolled, on…
The security of safety-related and safety-critical systems with components incorporating digital processing is becoming a major issue. We have seen partial control taken, from a remote location, of a car which is being driven. A major electricity outage in an East-European country was caused by intrusion into the digital parts of control systems. Intrusions into…
So they have him. The bard who has spent a lifetime one step away, out of step, keeping us guessing, not playing the game, any of them, finally tripped up. Fated to turn up in Stockholm in white tie with the world’s press? Assimilated in grand style? Maybe the shortest Nobel acceptance speech ever? (“I’d…