Safety & Security
Standards-based safety and security.
Defining the Terms Safety and Security:
The term safety refers to protection from events that are likely to cause harm. Both external and internal events are considered when defining safety. For example, road safety covers excessive speed, weather, traffic conditions, vehicle maintenance, and so on. Safety therefore means controlling the aspects of a system that give rise to risk, and in that way protecting against harmful outcomes.
Security refers to the protection of individuals, organizations, and property against threats that are likely to cause harm. Whereas safety is concerned largely with accidental failures, security focuses on deliberate, typically external, attempts to cause trouble or unwelcome situations for the organization, its people, and its property.
A Systems Definition of Safety and Security:
System safety and security include the validation of the internal and external processes, services, and tools used to protect a system.
A system's internal bus communication, its external communication paths, and the events they carry all need to be considered in the validation and certification process.
Security Issues
Hardware and Communications:
The hardware architecture of the CPU, memory, communication pathways, and data pathways is an important consideration for mission-critical implementations.
Component reliability stress testing and certification are required before a system can be designated safe and secure.
An Example of a Trusted and Untrusted Device Security Architecture
In this example,
The trusted environment is based on the seL4 microkernel, whose formally verified isolation properties keep the trusted components separated from the untrusted ones.
Communication between an untrusted CPU and an external network creates risk.
Software used in the environment must be extensively tested to ensure reliable operation.
Failure, recovery, and reboot testing are required to keep system downtime to a minimum.
A Software Bill of Materials (SBOM) and a Hardware Bill of Materials (HBOM) are important tools for risk mitigation: they record exactly which components, versions, and binaries are deployed, so that a known weakness can be traced to the affected devices.
Other onboard and internal security concerns include interfaces, physical access to devices and cables, EMR hardening, the security of related devices, power redundancy, and network security.
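As an added illustration of how a Software Bill of Materials supports risk mitigation (this is example code written for this page, not smarttalkbeacon.com's software, and the SBOM, the flagged-version list, and the firmware bytes are all constructed sample data): the script below reads a CycloneDX-style component list, reports components whose version or SHA-256 hash is missing, flags versions that appear on a review list, and checks a shipped binary against the hash the SBOM records for it. The component names and the CycloneDX-like JSON shape are assumptions; an HBOM review would follow the same pattern with part numbers in place of software versions.

```python
"""Added example for this page (not smarttalkbeacon.com's own software):
a minimal Software Bill of Materials (SBOM) review.  It reads a
CycloneDX-style component list, reports components whose version or
SHA-256 hash is missing, flags versions on a review list, and checks a
shipped artifact against the hash the SBOM records.  All data below is
constructed for illustration."""

import hashlib
import json
from dataclasses import dataclass

# Constructed firmware image standing in for a real binary; its hash is
# what a trustworthy SBOM would record for that component.
SAMPLE_FIRMWARE = b"constructed network-driver image v1.4.2"
SAMPLE_FIRMWARE_SHA256 = hashlib.sha256(SAMPLE_FIRMWARE).hexdigest()

# Constructed SBOM in a CycloneDX-like JSON shape (assumption: the build
# pipeline exports something similar).  Component names are illustrative.
SAMPLE_SBOM = json.dumps({
    "components": [
        {"name": "seL4", "version": "12.1.0",
         "hashes": [{"alg": "SHA-256", "content": "0" * 64}]},
        {"name": "network-driver", "version": "1.4.2",
         "hashes": [{"alg": "SHA-256", "content": SAMPLE_FIRMWARE_SHA256}]},
        {"name": "tls-lib", "version": "0.9.8"},   # version but no hash
        {"name": "bootloader"},                    # neither version nor hash
    ]
})

# Constructed review list of (component, version) pairs that a risk review
# has flagged.  Hypothetical, not real vulnerability data.
FLAGGED_VERSIONS = {("tls-lib", "0.9.8"), ("network-driver", "1.4.1")}


@dataclass(frozen=True)
class SbomFinding:
    component: str
    issue: str


def _has_sha256(component: dict) -> bool:
    """True if the component records a well-formed SHA-256 hash."""
    return any(
        h.get("alg") == "SHA-256" and len(h.get("content", "")) == 64
        for h in component.get("hashes", [])
    )


def review_sbom(sbom_json: str, flagged: set) -> list:
    """Return one finding per gap or flagged version in the SBOM."""
    findings = []
    for comp in json.loads(sbom_json).get("components", []):
        name = comp.get("name", "<unnamed>")
        version = comp.get("version")
        if version is None:
            # Without a version nothing else can be assessed, so stop here.
            findings.append(SbomFinding(name, "no version recorded; cannot assess"))
            continue
        if not _has_sha256(comp):
            findings.append(SbomFinding(name, "no SHA-256 hash; shipped binary cannot be verified"))
        if (name, version) in flagged:
            findings.append(SbomFinding(name, f"version {version} is on the flagged list"))
    return findings


def artifact_matches_sbom(sbom_json: str, component: str, artifact: bytes) -> bool:
    """Check a shipped binary against the SHA-256 hash the SBOM records for it."""
    for comp in json.loads(sbom_json).get("components", []):
        if comp.get("name") == component:
            recorded = {h["content"] for h in comp.get("hashes", []) if h.get("alg") == "SHA-256"}
            return hashlib.sha256(artifact).hexdigest() in recorded
    return False  # component not listed in the SBOM at all


if __name__ == "__main__":
    for f in review_sbom(SAMPLE_SBOM, FLAGGED_VERSIONS):
        print(f"{f.component}: {f.issue}")
    print("network-driver image matches SBOM:",
          artifact_matches_sbom(SAMPLE_SBOM, "network-driver", SAMPLE_FIRMWARE))
```

Run against the constructed SBOM, the review reports the bootloader (no version), and tls-lib twice (no hash, and a flagged version); seL4 and the network driver pass. A component absent from the SBOM, or one with no recorded hash, never matches an artifact, which is the conservative behavior a deployment check should have.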
Safety and Threats
Safety is focused on protection from harm or danger. In the context of development, safety considerations involve ensuring that products or systems do not cause harm to users, whether through physical injury or other risks. For example, in autonomous vehicle development, safety measures ensure that the vehicle operates reliably and avoids accidents in the event of a failure or malfunction. System malfunctions can have a significant impact on safety, and a malfunction may go undetected while still representing a risk of system failure.
Safety also includes anticipating threats from extreme events, extraordinary behavior, and malicious behavior that may affect devices, people, or both.
Technology is composed of a chain of solutions: devices perform tasks and communicate with other devices, which in turn provide information to users. Threats exist throughout this chain.
Safety and Security Example in Transportation
Many people lose their lives or are seriously injured in road accidents as a result of driver error or negligence, violation of traffic rules, vehicle malfunction, environmental conditions (rain, fog, storms, and so on), poor road conditions, insufficient road information, poor road construction, a lack of safety infrastructure, growing traffic volumes, and other causes.
The safety and security of computational devices is one component of a much larger set of considerations. Many organizations are involved in creating and operating a safe and secure infrastructure, including auto manufacturers, vehicle owners, local, state, and national governments, and service providers.
What influence or role do these parties play in the bigger picture, and what does that mean from a security, privacy, control, and accountability perspective?
What are the system and architectural constraints related to vehicles, communications, infrastructure, and governance?
Transportation includes system-wide elements that must be considered as part of any safety and security solution.
To learn more, email info@smarttalkbeacon.com