High Integrity and Low Security? Understanding the Tradeoffs between Safety and Cybersecurity

Prof. Chris Johnson

School of Computing Science, University of Glasgow.

It seems clear that security is a pre-requisite for high-integrity systems. This talk will identify the practical problems that arise from such a statement. In particular, it is impossible to be totally secure so engineers, managers and regulators have to make hard judgements about the degree of investment in cybersecurity that is required to maintain the integrity of complex safety-critical systems. These judgements are difficult because the threats are continuing to evolve and because many industries lack the necessary skill sets – too often safety engineers think that they can simply transfer techniques from safety management to create security management systems without considering the very different legal, technical and organisational demands that arise both in preparing for and responding to cyber-attacks.

About Prof. Chris Johnson

Chris Johnson is Professor and Head of Computing Science at the University of Glasgow. His work focuses on the interactions between safety and security. He is senior external advisor to the European Commission and to the SESAR JU programme on Air Traffic Management. He has held fellowships from NASA and the US Air Force. In 2014, he worked on contingency planning for Dutch air space and assisted the United Nations in developing cyber-security policies for CBRN facilities. In 2015, he is supporting contingency planning in Belgian air space and is assisting the cybersecurity of the UK civil nuclear reactor new build programme.

Sponsored by