Securing Safety-Critical Systems

I am a fervent reader of the IEEE Security & Privacy magazine. The quality of the articles is top-flight and the columns and interviews make for informative and entertaining reading. I count many of the “regulars,” such as Dan Geer, Gary McGraw and Jeremy Epstein, among my list of mentors and colleagues and have high regard and respect for them and their work.

I was excited to receive the July/August 2013 issue of the magazine on “Safety-Critical Systems,” particularly since I published a book on “Engineering Safe and Secure Software Systems” last fall. It was interesting to read, in the introductory piece by Robin Bloomfield and Jay Lala, that one of the reasons for choosing the featured topic is that the tagline of the magazine is “Building Dependability, Reliability, and Trust” and also that the magazine is “partially owned by the IEEE Reliability Society.”

Bloomfield and Lala proceed to distinguish between safety and security much as I do in my book, but they refer neither to my book, which includes very similar definitions, nor to Barry Boehm, who appears to have originated these definitions. I make a particular effort to highlight these definitions and differences in my book (even to the extent of the diagram on the front cover) because this is an area of much confusion and great importance. I also spent time describing the unique features of safety-critical and security-critical systems and how the superset of characteristics has become increasingly important as IT systems and industrial control systems are interconnected. Subsequently, in a presentation at the 2013 IEEE LISAT (Long Island Systems, Applications and Technology) Conference, “Managing the Risks of Cyber-Physical Systems,” I examined the evolving meaning of the term “cyber-physical system,” differentiating among data and computational processing, independent and embedded software, and computer hardware and industrial equipment. An abstract of the paper, and an opportunity to purchase it, can be found at

The articles in this issue of IEEE Security & Privacy magazine cover such topics as the causes of medical-device failure, the failure of Caltech’s autonomous vehicle entry in the 2007 DARPA Urban Challenge, the use of fault injection for software certification, and securing control systems from the inside. Each article is written by leading subject-matter experts in their respective fields, and I derived a great deal from each. However, I felt that some things were lacking. For one, the path from security and privacy to safety was fuzzy and barely trodden. I would rather see an explicit connection than the somewhat artificial link between security and safety justified by the magazine’s tagline. Why not change the name of the publication to the “IEEE Security, Privacy & Safety” magazine? The articles also need to distinguish more explicitly among the various concepts using a common taxonomy. We don’t see a clear distinction between the threats resulting from unintended errors, malfunctions and failures of embedded or dedicated software, and the threats arising from outsiders hacking into the on-board systems with malicious intent. While it is true that the possibility of an autonomous vehicle getting into a vicious cycle of self-destruction is indeed disturbing, how much greater is the concern that, once such vehicles become commonplace, those with evil intent might subvert the systems, causing mass chaos? The former is a safety issue, whereas the latter also incorporates security concerns. Cybersecurity experts need to insert themselves into the requirements, design, development and testing phases of these cyber-physical systems; otherwise we shall see the deployment of more and more potentially hazardous systems that are not protected from intentional and unintentional compromises.
