Information security for safety-critical systems

For computer systems that are safety-critical, such as machine control and automotive embedded systems, that shall comply with functional safety standards such as IEC 61508, functional safety must not be compromised when they become connected to external systems or the Internet. The challenge is to do an adequate trade-off between cost and protection. To obtain such a balance, a comprehensive risk analysis must be performed, followed by risk reduction activities and evaluation. To be fully protected against all types of attack vectors while still meeting availability requirements is often not possible. It is therefore important to choose security technologies that provide an acceptable residual risk, which requires a systematic security and safety approach.

Training 

We have long experience of training within the Machinery Directive and functional safety standards such as IEC 61508, ISO 13849 and ISO 26262. We offer training in related computer security standards to provide a sufficient theoretical foundation for when safety-critical systems are to be connected to external systems.

Risk Analysis

We have extensive experience in doing risk analysis for functional safety as well as information security. Thus, we can assist, by using methods such as HARA/TARA, FTA/ATA and FMEA/FMEVA, in the identification of the risks that your system is facing in terms of reliability as well as information security.

Verification of architecture and security mechanisms

When the risk assessment is completed and the system architecture and security mechanisms chosen to manage the risks have been implemented, RISE can assist in the analysis of the architecture to provide an independent opinion on whether adequate security is obtained with the proposed architecture and the proposed security mechanisms. Further, we can help to validate the implemented security mechanisms by means of systematic analysis (e.g. code inspection, evaluation of circuit diagrams and test specifications).