Safety is fundamental to the air traffic management (ATM) industry. However, ATM is undergoing unprecedented change and a number of new challenges face the industry. Against this backdrop, the industry needs to ensure that how safety is managed remains appropriate and our safety data continues to inform us of how safe we are and alert us to our risks. Recent advances in safety thinking point towards...
The human element has been identified as a contributing factor in over 95% of all security incidents. Current technical risk assessment methodologies, such as the IS1-2 Supplement, go some way to quantifying the characteristics of non-malicious insider attacks, based on a historical understanding of the user group, organisational security culture and past security breaches. However, the approaches...
Integrated Control and Safety Systems (ICSS) are becoming an increasingly common practice as an efficient solution in Oil & Gas operations, being more economic and manageable than isolated BPCS (Basic Process Control System) and SIS (Safety Instrumented System) infrastructures. However, seamless integration can compromise functional safety. This paper will discuss practical methods and design...
Electronic authentication (a.k.a. e-Authentication) is the process of establishing confidence in a user's identity as electronically presented to an information system. In today's world of exploding internet usage and adoption of e-Governance and e-Commerce initiatives in countries across the world, it is imperative that a user is identified with confidence. In the last 5 years or so, there have been...
Modern control systems are becoming complex and interconnected as they are increasingly integrating new information and communication technologies. Many industries like automobile, aeronautics and energy are facing great challenges as their systems are becoming less isolated and vulnerable to external malevolence. Indeed, cyber-attacks targeting industrial infrastructures can engender heavy impacts...
Performance based functional safety standards like IEC 61511 offer many advantages including the opportunity to optimize and upgrade Safety Instrumented Functions (SIFs) designs. Performance calculations depend on realistic failure data for instruments used in SIFs. A predictive analytics technique based around the Failure Modes Effects and Diagnostic Analysis (FMEDA) has been developed along with...
Most errors in critical systems arise in the requirements. Consistency and completeness of such requirements as well as their traceability throughout the development are very important. However, it has been found that the current revision of IEC 61508:2010 does not require either requirement to be checked. We propose that clauses be added to IEC 61508 in the forthcoming maintenance cycle to require...
To be considered compelling an assurance case should address its potential deficits, possibly with the use of a confidence argument. Assurance argument and confidence argument should be clearly separated and consistent at the same time. We propose a way of their integration with the use of an element representing rationale for each argumentation strategy. The rationale integrates confidence argument...
Safety and security disciplines are often independent domains, with little interaction. There is increasing convergence driven by common technologies, platforms and networking, where safe operation of complex systems requires appropriate security. The two disciplines may also conflict, creating new hazards that may require new safety functionality to reduce the security-derived risk. Solely using...
The need to address safety and security related aspects at an early stage of development of feedback control systems (FCS) has been identified as vital for the optimisation of the development process of military land systems. These systems often include network enabled capability (NEC) allowing the use of electronics architectures to integrate different sub-systems. However, this increased integration...
System safety and cyber security have a great effect on system reliability, which is the foundation of keeping a system running normally. Although safety and security controls can reinforce each other mutually, contradictions between them also exist, such as resource competition that may cause serious damage. This paper puts forward a risk-based task scheduling approach for the integrated control of...
Common definitions of “safety case” emphasize that evidence is the basis of a safety argument, yet few widely referenced works explicitly define “evidence”. Their examples suggest that similar things can be regarded as evidence. But the category evidence seems to contain (1) processes for finding things out, (2) information resulting from such processes, and (3) relevant documents. Moreover, any item...
This paper introduces the SESAR and NextGen programmes for the modernisation of Air Traffic Management (ATM) across Europe and North America. These initiatives were envisioned at a time when cyber-security was less of an issue than it is today. The US Government Accountability Office and the European Commission have subsequently raised significant concerns that the core components of SESAR and NextGen...
The close connection between safety and security has led to a growing interest in a combined handling of these two areas of research. The paper presents a roadmap for realizing such a combined handling. The conditions enabling a combined safety and security analysis are identified and used as the starting point of the elaboration. Utilizing these properties, a theoretical framework unifying key aspects...
This paper presents an analysis of the systems and software engineering factors that contributed to the disruption to UK air traffic in December 2014, and to the effective diagnosis of, and recovery from, the incident. It also draws out lessons learnt that are pertinent to the development and evolution of such complex, software-intensive systems.
This paper explores some of the potential challenges experienced by the aerospace industry following the introduction of autonomous systems. The automotive industry is currently transitioning to position itself to introduce autonomous cars to the global market. This paper therefore makes suggestions where the automotive industry can potentially benefit from understanding lessons learned from the aerospace...
The safety of vehicle electronic systems can be compromised by a malicious attack. In this paper, the authors describe their pragmatic approach to efficiently integrate the previously separate “security” aspects into the mature safety processes at an automotive Tier-1 supplier. Examples are given from the development of an electrical power steering controller.
The use of Software of Unknown Provenance (SOUP) in the development of modern information systems has become widespread and is difficult to avoid. Unfortunately, important properties of the software, such as critical security properties, cannot be assured with SOUP making the use of SOUP problematic. In this paper we summarize Kevlar, a comprehensive approach to enhancing the security of SOUP. Kevlar...
Industrial Control Systems (ICS) are now routinely connected to other networks to optimise business efficiency. Designs for safety and security risk treatment measures may conflict and cannot be designed in isolation yet we find there are still problems in combining them. If a CEO were to ask his safety engineer and his security engineer of a complex, networked, software-intensive system to produce...