Upload File

engineering safety and security in the era of the ...safety.addalot.se/upload/2017/1-2 oates.pdf ·...

  • Home
  • Documents
  • Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding
32
Trusted to deliver excellence © 2017 Rolls-Royce plc The information in this document is the property of Rolls-Royce plc and may not be copied or communicated to a third party, or used for any purpose other than that for which it is supplied without the express written consent of Rolls-Royce plc. This information is given in good faith based upon the latest information available to Rolls-Royce plc, no warranty or representation is given concerning such information, which must not be taken as establishing any contractual or other commitment binding upon Rolls-Royce plc or any of its subsidiary or associated companies. Engineering Safety and Security in the era of the Industrial Internet of Things Dr Robert Oates Private Rolls-Royce Proprietary Information

Upload: others

Post on 11-Jun-2020

4 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Trusted to deliver excellence

© 2017 Rolls-Royce plc

The information in this document is the property of Rolls-Royce plc and may not be copied or communicated to a third party, or used for any purpose other

than that for which it is supplied without the express written consent of Rolls-Royce plc.

This information is given in good faith based upon the latest information available to Rolls-Royce plc, no warranty or representation is given concerning

such information, which must not be taken as establishing any contractual or other commitment binding upon Rolls-Royce plc or any of its subsidiary or

associated companies.

Engineering Safety and Security in

the era of the Industrial Internet of

Things

Dr Robert Oates

Private – Rolls-Royce Proprietary Information

Page 2: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Talk Structure

- Who am I?

- What is Product Cyber Security?

- Why is it important to understand the interactions between safety and security?

- How do safety and security interact?

Private – Rolls-Royce Proprietary Information

2

Page 3: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Private – Rolls-Royce Proprietary Information

Product Cyber Security Team3

Civil Aerospace

Defence Aerospace

Marine NuclearPower

Systems

Product Cyber Security Team

ProcessImprovement

Auditing Standardisation&

Best Practice

Project Support

Tooling

Page 4: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding
Page 5: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Sources of Product Cyber Security Risk5

Private – Rolls-Royce Proprietary Information

Attacker Capability / Motivation

Technical Sources

Cultural Sources

Page 6: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Technical Sources of Risk

Private – Rolls-Royce Proprietary Information

6

Higher Performance Systems

Hyperconnectivity

COTS

Big Data

Technical CyberRisk

Page 7: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Example: Maritime Sector

Private – Rolls-Royce Proprietary Information

7

ThrustHeading

Organisation

Automation FunctionsAutomation

FunctionsAutomation Functions

Monitoring Functions

Remote OperationLikelihood

Impact

• Data driven services

• Automation and remote access

• Wireless sensor networks

• Internet of Things

Vessel

Crew

Automation FunctionsAutomation

FunctionsIoTComponents

IoT Services

Organisation

Page 8: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Attacker Capability – Who is attacking?

CNI Attackers (From GAO):

• Nation states

• Terrorists

• Industrial spies and organised crime

• Hacktivists

• Hackers

8

Private – Rolls-Royce Proprietary Information

Page 9: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Attacker resources9

AttackerCapability

/Motivation

Private – Rolls-Royce Proprietary Information

Page 10: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

What can we do about PCS Risk?

Private – Rolls-Royce Proprietary Information

12

People

Process Technology

Page 11: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Risk Driven Design Processes13

Private - Rolls-Royce Proprietary Information

Technical Risk Assessment

Risk Treatment

Plan

Are risks acceptable?

Identify Mitigations

Update Design

Initial Design to Design Principles

Inputs:

i) Organisation:

->What’s our risk appetite?

ii) Functional Requirements

-> What are we making?

Next phaseyes

no

Page 12: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Secure Development Objectives

Private – Rolls-Royce Proprietary Information

14

Innate Security

Reactive Security

Security requirements across all sub systems to ensure that the system is secure at the system level

Active security features/subsystems that detect and react to intrusions

Information Assurance

The argument that the system is secure, through life

Page 13: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Changing Cultures

Security is everybody’s responsibility

Private – Rolls-Royce Proprietary Information

15

Training

Routes to escalation

Incident response planning

Security Champions

Communication

Page 14: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Changing Cultures

Proportionate, risk-based controls

Private – Rolls-Royce Proprietary Information

16

Keep costs down

Keep risks down

Understand risk

Page 15: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Risk Sources

Risk

Cyber Security

Attacks

Safety

Accidents

Economic

Financial Loss

17

Private – Rolls-Royce Proprietary Information

Page 16: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Statement 1

Product cyber security is a risk source that needs

to be addressed

18

Private – Rolls-Royce Proprietary Information

Page 17: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Fundamental Question

Can a software intensive system be

deemed safe if it isn’t secure?

19

Private – Rolls-Royce Proprietary Information

Page 18: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

The Enemies of Safety / The Results of Attacks

Non-determinism

Uncontrolled change

Poor communication/understanding

Private – Rolls-Royce Proprietary Information

20

Page 19: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Private - Rolls-Royce Proprietary Information

SECURITY

SAFETY

CRYPTO

Page 20: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Risk Driven Design Processes22

Private - Rolls-Royce Proprietary Information

Page 21: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Statement 2

Understanding the link to safety can make things

1. Safer

2. More secure

3. Cheaper

23

Private – Rolls-Royce Proprietary Information

Page 22: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding
Page 23: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Risk Direction: Safety

Private – Rolls-Royce Proprietary Information

25

Supplier Customer

Safety Risk

Financial Risk

Recompense

Page 24: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Risk Direction: Security

Private – Rolls-Royce Proprietary Information

26

Supplier

Customer

Security Risk

Legal Risk

Recompense

Attacker

Page 25: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Patching safety critical systems

Vulnerability

Researcher

Supplier

Malicious

Actors

System

Integrator

Discovery

Research

?

Exploitation

Research

?Remedial

actionsPatch application

Testing

and

recertification

Patch creation

Private – Rolls-Royce Proprietary Information

Page 26: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Patching safety critical systemsDiscovery

Patch application

Testing

and recertification

Discovery Discovery

. . .

. . .

. . .

Vulnerability

Researcher

Supplier

Malicious

Actors

System

Integrator

Response

cycleResponse

cycleResponse

cycle

Private – Rolls-Royce Proprietary Information

Page 27: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Design Principles in Opposition: Diversity

Private - Rolls-Royce Proprietary Information

Inputs

Outputs

System

Safety Security

P(failure) = 0.0001 Likelihood of attack?P(failure) = (0.0001)2

Implementation specific vulnerabilities

Specification vulnerabilities

Component vulnerabilities

Uncertainty: Low, de-risked from extensive testing and well established process

Low risk system Risky system!

System B

System A

Inputs Inputs

X

Extremely

Page 28: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Understanding Risk

Private – Rolls-Royce Proprietary Information

30

SafetySecurity

Data SafetyCyber

Security

• System level quality factors• Through life quality factors• Preventing harm• Design principles• Risk driven design change• Controls that are proportionate to risks

Page 29: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Technology

Private – Rolls-Royce Proprietary Information

31

Resist Detect and React

Network architecture• Interface control• Firewalls• Data diodes• Segregation

Protocol Selection

Cryptographic techniques• Cryptographic agility – quantum!• Legal issues

Multi-source localisation

Manual override

IDS• What is normal?• Interaction with watchdogs• Does “Adaptive” = “Non-deterministic” ?

Logging• Review processes

Reactions• Security responses shouldn’t

compromise safety• Safety responses shouldn’t

compromise security

Page 30: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

…but there are things missing.

Systems Engineering for Safety and Security

• Is a truly common risk model possible?

Efficient Incident Response

• Design for Forensics

• Team members

Intelligence Focus

• Where do you get threat intelligence from?

• How do you embed live intelligence into an engineering/maintainance process?

32

Private – Rolls-Royce Proprietary Information

Page 31: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

Statement 3

The interactions are complex. Some solutions exist,

but there is a way to go

33

Private – Rolls-Royce Proprietary Information

Page 32: Engineering Safety and Security in the era of the ...safety.addalot.se/upload/2017/1-2 Oates.pdf · 1. Product cyber security is a risk source that needs to be addressed 2. Understanding

In Conclusion

1. Product cyber security is a risk source that

needs to be addressed

2. Understanding the link to safety can make

things

1. Safer

2. More secure

3. Cheaper

3. The interactions are complex, solutions exist

but there is a way to go

34

Private – Rolls-Royce Proprietary Information


United Nations S Security Council Distr.: General Original ... · Letter dated 11 March 2005 from the Secretary-General addressed to the President of the Security Council I have the

SAP Security BIZEC APP/11 Version 2.0 BIZEC … Security SAP security is a complex discipline. It must be addressed holistically: • SoD controls (user roles and profiles) are necessary,

Topics Addressed

MARITIME SECURITY GUIDELINES - IMMARBE€¦ · involving Maritime Security will be addressed. The NSC’s Coordinator is the single national contact point to interface with the IMO

SecurityAndClimate.cna Security and...During our decades of experience in the U.S. military, we have addressed many national security challenges, from containment and deterrence of

THE SECURITY ISSUE...struggled under intense scrutiny to balance a defensive security strategy that has addressed current threats while at times, pushed the boundaries of the traveling

ITSP.50.105 Guidance on Cloud Security Assessment and ... · cloud-specific security considerations are addressed, and security controls of cloud-based services are properly assessed

IoT Security: The Elephant in the Room · 2017. 3. 6. · •Security should be addressed at all levels of the network open systems interconnection (OSI) stack but the physical layer

FIDO Enterprise Adoption Best Practices...cryptography? • Which enterprise security needs and security threats are best addressed using FIDO? • How can an expanded public-key cryptographic

Homeland Security Academic Advisory Council · 2016-04-18 · workshop further addressed a recommendation from the Security Academic Advisory Homeland Council (HSAAC) that DHS promote

Security Council - United Nations · Letter dated 29 October- 1997 from Mr. Tarig Aziz, Deputy Prime Minister of Iraq, addressed to the President of the Security Council Resolution

THE CIVIL RIGHTS MOVEMENT. Problems It Addressed Addressed problems facing African Americans like Addressed problems facing African Americans like Racial

a guide - British Security Industry Association (BSIA ... · using an IP LAN or WAN, ... Physical Security Interoperability Alliance; ... Some of the disadvantages are being addressed

Round Table 3Fault Statistics in Distribution Networks Addressed issues: Network reliability – Security of supply Application to maintenance and renewing

Försvarets Materielverk (FMV) Handbook for …safety.addalot.se/upload/2017/1-8 Koberstein_FMV.pdf · Försvarets Materielverk (FMV) Handbook for Software in ... – Occupational

C2 WiFi Security Camera - Resideo · C2 WiFi Security Camera Homeowners list intrusion detection as the number one problem they’d like addressed with a connected solution. The C2

IT security and digital mission in harmony · The topic of security is already addressed and aligned in the planning phase (Security-by-Design) with the ISMS of the customer as a

Smart Grid Cyber Security Strategy and Requirements · 2018-07-19 · Cyber security is being addressed using a thorough process that will result in a comprehensive set of cyber security

Building a Low-cost and State-of-the-art IoT Security ...czou//research/IFIPIoT_Education-2019.pdf · IoT security should be addressed from ve aspects [25,25], including hardware

Issues Addressed

Emerging Technology and National Security...Planning for civil liberties, privacy, and ethical impacts on national security need to be addressed in a more upfront, robust manner.

GAO-16-501 Accessible Version, INFORMATION SECURITY ... · Table 10: Specific High-Impact Controls Addressed in Selected Systems’ Security Plans 52 Table 11: Number of Individuals

SECURITY PAPER MILL, HOSHANGABAD · 2014. 5. 7. · and be addressed to the General Manager, Security Paper Mill, Hoshangabad- 46100 5 (M.P.) The tender duly prepared as following

Benefits of Security-informed Safety- oriented Process ...safety.addalot.se/upload/2016/PDF/2016_Gallina_SCSSS_SiSoPLE.pdf · Benefits of Security-informed Safety-oriented Process

Security and fire protection in storage facilities - WHO · sale or for noncommercial distribution – should be addressed to WHO Press, ... Technical supplement: Security and fire

Church Safety & Security - Amazon S3s3.amazonaws.com/.../documents/Safety_and_security_design_guide.pdfexperienced safety and security issues look for areas which need to be addressed

ASSURING NATIONAL SECURITY SPACE: INVESTING IN … · an option. There are key policy and acquisition questions regarding the future of national security space that need to be addressed

United Nations S Security Council - mfa.gov.cy · Cyprus to the United Nations addressed to the Chairman of the Security Council Committee established pursuant to resolution 1373

ImplicitandExplicitSemantics Integration ... › docs › No.2016-16.pdf · formal system developments. The following topics were addressed during the ... security, requirementsengineering,

European Cybersecurity Centre of Expertisepublications.jrc.ec.europa.eu/repository/bitstream/JRC111211/survey... · An online survey addressed to the European cyber-security research

Towards increased efficiency and confidence in process ...safety.addalot.se/upload/2018/SCSSS18_JuliethCastellanos.pdf · Modeling Control Objectives for Business Process Compliance

Harmonized Security and Privacy Framework v 2 · 2018-10-09 · security and privacy that addressed all applicable federal requirements under the Federal Information Security Management

Ector County Courthouse Needs Assessment Study Status …bloximages.newyork1.vip.townnews.com/oaoa.com/...Additional Right Sizing Addressed handicap accessibility requirements Security

Security Enhancement for SIP in Ad Hoc Networks … · security and ad hoc network security has not yet been addressed except for one work by Leggio et. al. [30, 32]. Indeed, the

Competencies Addressed: