HISC 2023 blog series: interview with Paul Parkinson, Field Engineering Director at Wind River

Posted on August 22, 2023

HISC is now in its tenth year. What trends and technical advances have you seen over the past ten years which impact the trustworthiness of software ecosystems?

One significant trend has been the convergence of safety and security, which in some regards has been previously addressed independently and in some ways, in silos. In the Aerospace & Defence sector, it’s been interesting to see the evolution of the DO-326A / ED-203A suite on airworthiness security and alignment with DO-178C / ED-12C for avionics software safety.

In terms of technologies, on the runtime environment side, it’s been interesting to see the evolution of processor architectures to support for secure boot and hardware virtualization, and how these have been used by the software ecosystem to improve the safety and security of systems. There’s also been a disruptive change on the development side, through increasing adoption of CI/CD and the improved affordability of cloud, enabling cloud native development of applications for the intelligent edge.

What are you most looking forward to at this year’s HISC?

I always look forward to HISC and the different conference track themes each year, and this year is no exception with tracks on Advanced Software Development & Verification, and also High Integrity Software – Assurance & Ecosystems. There will be lots of interesting talks by speakers from speakers from academia, industry and wider community. The two talks which I am most looking forward to are by Nikita Johnson from Rolls-Royce on the impact of security weaknesses in safety-critical systems; and Paul Caseley from DSTL on Edge Avionics with Digital Security by Design.

What lessons can we learn from the last ten years, and how can we ensure we build on experience throughout the next ten years?

It’s become very apparent in recent years, that even if safety-critical system was originally designed to run in a standalone / isolated environment, at some point in the future there is a strong possibility that it may become network-connected for multiple reasons, including providing real-time performance monitoring, analytics, etc. This can provide many benefits, but also increases the surface for potential attacks, so it cannot be assumed that these systems will only ever operate in a benign environment, so they should be designed with both safety and security in mind.