31,606 research outputs found

    An Assurance Framework for Independent Co-assurance of Safety and Security

    Integrated safety and security assurance for complex systems is difficult for many technical and socio-technical reasons such as mismatched processes, inadequate information, differing use of language and philosophies, etc. Many co-assurance techniques rely on disregarding some of these challenges in order to present a unified methodology. Even with this simplification, no methodology has been widely adopted, primarily because this approach is unrealistic when met with the complexity of real-world system development. This paper presents an alternate approach by providing a Safety-Security Assurance Framework (SSAF) based on a core set of assurance principles. This is done so that safety and security can be co-assured independently, as opposed to unified co-assurance, which has been shown to have significant drawbacks. This also allows for separate processes and expertise from practitioners in each domain. With this structure, the focus is shifted from simplified unification to integration through exchanging the correct information at the right time using synchronisation activities.

    An integrated risk analysis framework for safety and cybersecurity of industrial SCADA system

    The industrial control system (ICS) refers to a collection of various types of control systems commonly found in industrial sectors and critical infrastructures such as energy, oil and gas, transportation, and manufacturing. The supervisory control and data acquisition (SCADA) system is a type of ICS that controls and monitors operations and industrial processes scattered across a large geographic area. SCADA systems rely on information and communication technology to improve the efficiency of operations. This integration means that SCADA systems are targeted by the same threats and vulnerabilities that affect ICT assets. This means that the cybersecurity problem in SCADA systems is exacerbated by the IT heritage issue. If the control system is compromised due to this connection, serious consequences may follow. This leads to the necessity of an integrated framework that covers both safety and security risk analysis in this context. This thesis proposes an integrated risk analysis framework that comprises four stages and builds on the advances of risk science and industry standards, to improve understanding of SCADA system complexity and to manage risks considering process safety and cybersecurity in a holistic approach. The suggested framework is committed to improving safety and security risk analysis by examining the expected consequences through integrated risk identification and identifying adequate safeguards and countermeasures to defend against cyber-attack scenarios. A simplified SCADA system and an undesirable scenario of overpressure in the pipeline are presented, in which the relevant stages of the framework are applied.

    Assessing safety net readiness in response to food price volatility

    In 2008, when food prices rose precipitously to record highs, international attention and local policy in many countries focused on safety nets as part of the response. Now that food prices are high again, the issue of appropriate responses is again on the policy agenda. This note sets out a framework for making quick, qualitative assessments of how well countries' safety nets prepare them for a rapid policy response to rising food prices should the situation warrant. The framework is applied using data from spring 2011, presenting a snapshot analysis of what is a dynamically changing situation. Based on this data, safety net readiness is assessed in 13 vulnerable countries based on the following criteria: the presence of safety net programs, program coverage, administrative capacity, and to a lesser degree, targeting effectiveness. It is argued that these criteria will remain the same throughout time, even if the sample countries affected will be expected to vary. Based on this analysis, the note highlights that though a number of countries are more prepared than they were in 2008, there is still a significant medium term agenda on safety net preparedness in the face of crisis. In this context, strategic lessons from the 2008 food crisis response are presented to better understand the response options and challenges facing governments and policy makers. The note concludes by calling for continued investment and scale up of safety nets to mitigate poverty impacts and help prevent long term setbacks in nutrition and poverty. Food & Beverage Industry, Safety Nets and Transfers, Emerging Markets, Rural Poverty Reduction, Regional Economic Development

    On the gap between theory and practice in defining and understanding risk

    The risk concept is used in all types of situations and applications, ranging from technology to medicine and security issues. Many definitions of the concept exist, and there is an ongoing discussion on what is the most suitable way of defining and understanding the concept. In recent years, several overriding frameworks have been developed, aiming at providing conceptual clarity and structure and including most of the existing definitions as special cases. A key feature of these frameworks is that uncertainty is a main component of risk. Risk science literature and recognized societies and organizations have actively promoted these frameworks and definitions. Nonetheless, applied risk analysis and management is characterized by all types of definitions and understandings of risk, many that go back to conventions made several decades ago. It can be argued that there is a considerable gap between contemporary risk science knowledge and the practice of risk analysis and risk management in these areas. This paper discusses why we have this gap, why it is important to close it and how this can be achieved. A main goal of the paper is to refute the claim that the gap is due to a disconnection between risk science and the application of risk science.

    Addressing rural poverty in Malawi: the Agricultural Input Subsidy Programme


    An Assurance Framework for Independent Co-assurance of Safety and Security

    Integrated safety and security assurance for complex systems is difficult for many technical and socio-technical reasons, such as mismatched processes, inadequate information, differing use of language and philosophies, etc. Many co-assurance techniques rely on disregarding some of these challenges to present a unified methodology. Even with this simplification, no methodology has been widely adopted, primarily because this approach is unrealistic when met with the complexity of real-world system development. This paper presents an alternate approach by providing a Safety-Security Assurance Framework (SSAF) based on a core set of assurance principles. This is done so that safety and security can be co-assured independently, as opposed to a unified co-assurance, which has been shown to have significant drawbacks. This also allows for separate processes and expertise from practitioners in each domain. In this structure, the focus is shifted from simplified unification to integration through exchanging the correct information at the right time using synchronization activities.

    Towards a Secure and Resilient Vehicle Design: Methodologies, Principles and Guidelines

    The advent of autonomous and connected vehicles has brought new cyber security challenges to the automotive industry. It requires vehicles to be designed to remain dependable in the occurrence of cyber-attacks. A modern vehicle can contain over 150 computers, over 100 million lines of code, and various connection interfaces such as USB ports, WiFi, Bluetooth, and 4G/5G. The continuous technological advancements within the automotive industry allow safety enhancements due to increased control of, e.g., brakes, steering, and the engine. Although the technology is beneficial, its complexity has the side effect of giving rise to a multitude of vulnerabilities that might leverage the potential for cyber-attacks. Consequently, there is an increase in regulations that demand compliance with vehicle cyber security and resilience requirements that state vehicles should be designed to be resilient to cyber-attacks with the capability to detect and appropriately respond to these attacks. Moreover, increasing requirements for automotive digital forensic capabilities are beginning to emerge. Failures in automated driving functions can be caused by hardware and software failures as well as cyber security issues. It is imperative to investigate the cause of these failures. However, there is currently no clear guidance on how to comply with these regulations from a technical perspective. In this thesis, we propose a methodology to predict and mitigate vulnerabilities in vehicles using a systematic approach for security analysis; a methodology further used to develop a framework ensuring a resilient and secure vehicle design concerning a multitude of analyzed vehicle cyber-attacks. Moreover, we review and analyze scientific literature on resilience techniques, fault tolerance, and dependability for attack detection, mitigation, recovery, and resilience endurance. These techniques are then further incorporated into the above-mentioned framework. Finally, to meet requirements to hastily and securely patch the increasing number of bugs in vehicle software, we propose a versatile framework for vehicle software updates.

    The Bioterrorism Act of the USA and international food trade: Evaluating WTO conformity and effects on bilateral imports

    The September 11th event focused the world's attention on the threat of bioterrorism to the food chain. As a consequence, the U.S. implemented the Bioterrorism Act (BTA). These new administrative import rules will be evaluated regarding WTO conformity and trade impact. This analysis is based on an inventory approach systematizing the BTA, and a trade flow analysis. The BTA does not significantly deviate from WTO rules; however, the findings are driven by existing flexibility in international administrative import guidelines. The trade analysis highlights that products and countries with prior expedited or less regulated procedures and small import quantities are affected. Food Consumption/Nutrition/Food Safety, International Relations/Trade