An Assurance Framework for Independent Co-assurance of Safety and Security
Integrated safety and security assurance for complex systems is difficult for many technical and socio-technical reasons such as mismatched processes, inadequate information, differing use of language and philosophies, etc. Many co-assurance techniques rely on disregarding some of these challenges in order to present a unified methodology. Even with this simplification, no methodology has been widely adopted, primarily because this approach is unrealistic when met with the complexity of real-world system development.
This paper presents an alternate approach by providing a Safety-Security Assurance Framework (SSAF) based on a core set of assurance principles. This is done so that safety and security can be co-assured independently, as opposed to unified co-assurance, which has been shown to have significant drawbacks. This also allows for separate processes and expertise from practitioners in each domain. With this structure, the focus is shifted from simplified unification to integration through exchanging the correct information at the right time using synchronisation activities.
Towards Identifying and closing Gaps in Assurance of autonomous Road vehicleS - a collection of Technical Notes Part 2
This report provides an introduction and overview of the Technical Topic Notes (TTNs) produced in the Towards Identifying and closing Gaps in Assurance of autonomous Road vehicleS (Tigars) project. These notes aim to support the development and evaluation of autonomous vehicles. Part 1 addresses: Assurance-overview and issues, Resilience and Safety Requirements, Open Systems Perspective and Formal Verification and Static Analysis of ML Systems. This report is Part 2 and discusses: Simulation and Dynamic Testing, Defence in Depth and Diversity, Security-Informed Safety Analysis, Standards and Guidelines.
Evaluating the resilience and security of boundaryless, evolving socio-technical Systems of Systems
Personal security in travel by public transport : the role of traveller information and associated technologies
Acknowledgement: The research reported in this paper has been funded by a grant award from the Engineering and Physical Sciences Research Council: EP/I037032/1.
Feeding Britain: Food Security after Brexit
This Food Brexit Briefing brings together three interlinked issues that demand policy attention as the clock ticks towards Brexit:
1. The question of whether the Government is paying enough attention to agri-food in the negotiating process, given its central role in both public wellbeing and the national economy.
2. The threat a careless Brexit poses to the UK’s short-term food security – and any long-term attempt to develop a genuinely sustainable food strategy for the whole of the UK.
3. The risk generated to the UK’s status as a potential trading partner of the EU by the Food Standards Agency’s decision to press ahead with major reform of UK food safety regulation, at a time when regulatory stability and clarity have never been more important.
The report was written by FRC’s Professor Tim Lang, with Professor Erik Millstone (Sussex), Tony Lewis (Head of Policy at Chartered Institute for Environmental Health) and Professor Terry Marsden (Cardiff). It takes stock of ‘food Brexit’ and argues that a hard Brexit or no-deal Brexit (and retreat to WTO rules) would imperil the sustainability and security of Britain’s food supply.
The report recommends that the Government should:
- Maintain a clear and explicit focus on the potential adverse effects of Brexit on food security in the UK, while negotiating the UK’s future trading relationships with the EU and other jurisdictions.
- Publish Brexit impact studies on the UK’s agricultural and food system for the White Paper and Chequers Statement and any subsequent proposals.
- Ensure that high food standards remain at the heart of any future trade deals.
- Provide clarity on its proposed migration policy, taking account of the contributions that non-UK citizens of the EU are making to the quantity and quality of the UK’s food supply and services.
- Avoid a hard Food Brexit at all costs. The UK must not retreat to a WTO-rules-based regime. The EU would then categorise the UK as a ‘3rd Country’, which could be a recipe for chaos.
- Create a new Sustainable Food Security Strategy. This would engage with the complexities of the food system and the multiple criteria by which it should be evaluated; and identify clear priorities and pathways for progress.
The report also calls on the Food Standards Agency to:
- Address the calls for clarification and evidence posed in the paper in respect of its Regulating Our Future (ROF). Where such clarification or evidence is not available, the Agency should modify or suspend the introduction of its proposals, at least until after Brexit.
Architecture and Information Requirements to Assess and Predict Flight Safety Risks During Highly Autonomous Urban Flight Operations
As aviation adopts new and increasingly complex operational paradigms, vehicle types, and technologies to broaden airspace capability and efficiency, maintaining a safe system will require recognition and timely mitigation of new safety issues as they emerge and before significant consequences occur. A shift toward a more predictive risk mitigation capability becomes critical to meet this challenge. In-time safety assurance comprises monitoring, assessment, and mitigation functions that proactively reduce risk in complex operational environments where the interplay of hazards may not be known (and therefore not accounted for) during design. These functions can also help to understand and predict emergent effects caused by the increased use of automation or autonomous functions that may exhibit unexpected non-deterministic behaviors. The envisioned monitoring and assessment functions can look for precursors, anomalies, and trends (PATs) by applying model-based and data-driven methods. Outputs would then drive downstream mitigation(s) if needed to reduce risk. These mitigations may be accomplished using traditional design revision processes or via operational (and sometimes automated) mechanisms. The latter refers to the in-time aspect of the system concept. This report comprises architecture and information requirements and considerations toward enabling such a capability within the domain of low altitude highly autonomous urban flight operations. This domain may span, for example, public-use surveillance missions flown by small unmanned aircraft (e.g., infrastructure inspection, facility management, emergency response, law enforcement, and/or security) to transportation missions flown by larger aircraft that may carry passengers or deliver products. Caveat: Any stated requirements in this report should be considered initial requirements that are intended to drive research and development (R&D). These initial requirements are likely to evolve based on R&D findings, refinement of operational concepts, industry advances, and new industry or regulatory policies or standards related to safety assurance.