High Integrity and Low Security? Understanding the Tradeoffs between Safety and Cybersecurity
Prof. Chris Johnson
School of Computing Science, University of Glasgow.
It seems clear that security is a pre-requisite for high-integrity systems. This talk will identify the practical problems that arise from such a statement. In particular, it is impossible to be totally secure so engineers, managers and regulators have to make hard judgements about the degree of investment in cybersecurity that is required to maintain the integrity of complex safety-critical systems. These judgements are difficult because the threats are continuing to evolve and because many industries lack the necessary skill sets – too often safety engineers think that they can simply transfer techniques from safety management to create security management systems without considering the very different legal, technical and organisational demands that arise both in preparing for and responding to cyber-attacks.