Safety & Security: Two sides of the same coin



India is a country where “Food, Shelter and Clothing” are considered society’s basic needs. But we now live in a technologically advanced and interconnected community, so we believe that safety and security are also a fundamental need, beyond just food, shelter, and clothing. The need is illustrated by recent cyber-attacks, the COVID-19 pandemic, and even the recent ammonia gas leak at IFFCO’s Phulpur fertiliser plant in Prayagraj, Uttar Pradesh, where two people died.

Difference between Safety & Security: Safety and security are two different terms with different meanings, but they are often used interchangeably by people across the globe. There are scenarios where people say safety but mean security, and vice versa. The two concepts are distinct yet often related, and they mean different things to different people. Hence, it is essential to distinguish clearly between safety and security.

| Safety | Security |
|---|---|
| The system must do what it is supposed to do. | The system must not do what it is not supposed to do. |
| Protection against dangers from inside a system. | Protection of a system against outside threats. |
| Unintentional: protection against accidental acts and unintentional failures. | Intentional: protection against intentional acts or behaviours, criminal actions, or malicious intent. |
| Unsafe or dangerous conditions arise, but unintentionally. | There is deliberate malicious intent. |
| Examples: 1. The airbag does not inflate after a car accident due to a technical error. 2. Fire or gas leak due to an unintentional industrial accident. | Examples: 1. Someone hacks your car and shuts down the engine or takes control of the steering. 2. Cyberattack on a nuclear power plant. |

  • The objective, the “need for protection”, is the same in both cases; however, the associated risk is different.
  • The main difference lies in the nature of the threat: intentional vs. non-intentional.

What is more important – Safety or Security?

It depends on the system. For example, for internet banking or an online store like Amazon, security matters more, because our credit card details may be stored on the website. Whereas for an avionics system such as landing gear or a flight control system, the system’s safety is more important.

How much of Safety & Security is enough?

It is a tricky question to answer: if you do too little, it may lead to system failure, but if you overdo it, you waste critical project resources. Rather than relying on the Goldilocks principle, the best approach is to carry out a proper risk assessment and identify the safety integrity / design assurance levels. Countermeasures and testing strategies should then be planned on the basis of these levels.

A single bullet cannot address both Safety & Security risks:

It is crucial that we clearly distinguish between safety and security and create a plan to mitigate the risks associated with each. Safety and security each require a different approach, and a single method cannot address both aspects together.

This is best understood with the example of a helmet. In layman’s terms, a helmet protects the upper part of the wearer’s head. The approach to designing a helmet changes with its end use (safety or security). An industrial safety helmet as per IS 2925:1984 protects against falling objects and other hazards. A police force helmet as per IS 9562:1980, however, must handle intentional situations such as riot control operations against an unarmed crowd, where the objective is to protect the policeman from brickbats, stones, lathi blows, empty soda water bottles, acid bulbs, Molotov cocktails, etc. These attacks generally arrive horizontally, unlike a stone falling from scaffolding (vertical trajectory). This is why police force helmets have a visor and a neck guard (neck protector), along with additional testing requirements such as “Firing Tests – Clause 9.7 & Procedure G-1.1.1 using a standard 12 bore gun”, none of which apply to industrial safety helmets.

The interdependence of Safety & Security:

Although safety and security focus on different problems, causes and consequences, it is no longer possible to be truly safe without being secure. Take the example of the Fukushima Daiichi nuclear disaster in 2011, where an earthquake triggered a tsunami that caused a nuclear meltdown. Security aspects are apparent here because a non-intentional natural phenomenon harmed the plant, but we cannot overlook the human factors that partly contributed to this disaster. One such factor: on March 7, 2011, Tokyo Electric Power Company submitted a report to Japan’s nuclear safety agency highlighting the plant’s vulnerability to tsunami forces; officials took note and decided to plan a future review of strengthening the sea walls, but on March 11, 2011, the disaster happened. The image shows Fukushima Nuclear Power Plant Reactors 1 to 4, from right to left, after the 2011 earthquake and tsunami.

The interdependence of Safety & Security can be understood more with the following examples:

  1. Safe data can be insecure, because transferred data can be compromised during transmission by network protocol snooping. Conversely, secure data can be unsafe, because transferred data may get corrupted.
  2. All safety-critical systems are security-critical, because a cyber-attack on a safety-critical system could lead to potential security losses. Take the steering assist system of a car; if it is compromised:
    1. Safety: potential harm to occupants if it exhibits malfunctioning behaviour.
    2. Security: harm to occupants if a malicious, intentional steering manoeuvre is injected.
  3. Not all cybersecurity-critical systems are safety-critical, because a compromise could lead to losses other than safety, such as privacy or financial losses. Take the non-networked entertainment system of a car; if it is compromised:
    1. Safety: most probably no physical harm to the driver.
    2. Security: financial and privacy losses to the driver.
  4. In the last decade (2010-2020), we have seen a trend of using vehicles as weapons. In the New York attack, eight people were killed in Manhattan after a man in a rented pickup truck ploughed into cyclists and pedestrians. In the London Bridge attack, seven people were killed. In these cases a driver was involved; imagine if these attacks were made remotely. It is technically possible, as demonstrated [4] by two researchers (Charlie Miller and Chris Valasek) who remotely took control of a car’s steering and forced an emergency stop at high speed.
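Item 1 above, as an added example that is not from the original article: a CRC32, the kind of check a safety engineer adds against accidental corruption, beside a keyed HMAC, the kind a security engineer adds against intentional modification, each run against a flipped bit and a rewritten payload. The message, key and field names are constructed for the demonstration.

```python
import hashlib
import hmac
import zlib

# Constructed sample frame and shared key for this demonstration (not from the article).
MESSAGE = b"setpoint=42;valve=open"
KEY = b"constructed-demo-key"
MAC_LEN = 32  # HMAC-SHA256 tag length in bytes

def protect_crc(body: bytes) -> bytes:
    """Safety-style integrity: append a CRC32 so accidental corruption is detected."""
    return body + zlib.crc32(body).to_bytes(4, "big")

def verify_crc(frame: bytes) -> bool:
    body, tag = frame[:-4], frame[-4:]
    return zlib.crc32(body).to_bytes(4, "big") == tag

def protect_mac(body: bytes, key: bytes) -> bytes:
    """Security-style integrity: append a keyed HMAC-SHA256 tag."""
    return body + hmac.new(key, body, hashlib.sha256).digest()

def verify_mac(frame: bytes, key: bytes) -> bool:
    body, tag = frame[:-MAC_LEN], frame[-MAC_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison

def flip_bit(frame: bytes, bit: int) -> bytes:
    """Unintentional fault model: one bit of the frame is flipped in transit."""
    out = bytearray(frame)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)

def evaluate() -> dict:
    """Run both checks against an accidental fault and an intentional modification."""
    crc_frame = protect_crc(MESSAGE)
    mac_frame = protect_mac(MESSAGE, KEY)
    results = {}
    # Accidental corruption: both checks detect a single bit flip (the safety case).
    results["crc_detects_bitflip"] = not verify_crc(flip_bit(crc_frame, 13))
    results["mac_detects_bitflip"] = not verify_mac(flip_bit(mac_frame, 13), KEY)
    # Intentional modification: the body is rewritten by a party who knows the frame
    # format but not KEY. A CRC needs no secret, so it is simply recomputed; the old HMAC tag no longer matches.
    altered = b"setpoint=99;valve=open"
    results["crc_detects_tamper"] = not verify_crc(protect_crc(altered))
    results["mac_detects_tamper"] = not verify_mac(altered + mac_frame[-MAC_LEN:], KEY)
    return results

if __name__ == "__main__":
    print(evaluate())
```

Rejecting a frame is only half the job: the receiver must also define the safe state it falls back to when either check fails, which is the “secure but unsafe” half of item 1.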

How do you claim that the system is safe & secure?

A system is considered safe and secure if reliance can justifiably (using credible evidence) be placed on it meeting its requirements. This calls for adopting engineering best practices, following a standards-based certification approach, and creating credible evidence with qualified tools to demonstrate compliance with those standards. The focus must be on the construction and evaluation of evidence.

Safety and security certifications are the beginning of a journey rather than the end of it. No engineering process can ensure that a system is 100% safe and secure; instead, it builds a chain of trust. For example, this chain of trust can be built by adhering to the functional safety and cybersecurity standards listed below.

| Industry | Functional Safety Standards | Cybersecurity Standards |
|---|---|---|
| Automotive | ISO 26262 | ISO/SAE DIS 21434 |
| Industrial | IEC 61508 | ISA/IEC 62443 |
| Avionics | DO-178C | DO-326A/ED-202A |
| Medical | IEC 62304 | AAMI TIR57:2016, FDA* |
| Rail | EN 50128 | ISA/IEC 62443 |
| Nuclear | IEC 60880 | IEC 62645 |
| Consumer Electronics | IEC 60730 | ISA/IEC 62443 |

* indicates that these are guidelines, not standards.

Conclusion:

  1. Safety and security cannot be achieved in isolation. There must be integration and communication between the two, in addition to following systems engineering processes.
  2. We need to understand that they have to be architected into the system; they cannot be bolted on at a later stage.
  3. There is no full stop after safety and security; instead, it is a continuous process that must be followed throughout the lifecycle, including the phase-out stage.
  4. There is a strong need to include them in the academic curriculum to create a mindset and culture of safety and security.

About Author: Himalya Bansal is a business development professional at LDRA.

References:

  1. https://www.financialexpress.com/india-news/iffco-gas-leak-ammonia-plant-phulpur-prayagraj-two-dead/2155864/
  2. https://www.youtube.com/watch?v=zqQyeagov4Q
  3. https://commons.wikimedia.org/wiki/File:Fukushima_I_by_Digital_Globe.jpg
  4. https://www.forbes.com/sites/thomasbrewster/2016/08/02/charlie-miller-chris-valasek-jeep-hackers-steering-brake/?sh=5a69918263f4


January 2021