An Assurance Framework for Independent Co-assurance of Safety and Security

Integrated safety and security assurance for complex systems is difficult for many technical and socio-technical reasons such as mismatched processes, inadequate information, differing use of language and philosophies, etc.. Many co-assurance techniques rely on disregarding some of these challenges in order to present a unified methodology. Even with this simplification, no methodology has been widely adopted primarily because this approach is unrealistic when met with the complexity of real-world system development. This paper presents an alternate approach by providing a Safety-Security Assurance Framework (SSAF) based on a core set of assurance principles. This is done so that safety and security can be co-assured independently, as opposed to unified co-assurance which has been shown to have significant drawbacks. This also allows for separate processes and expertise from practitioners in each domain. With this structure, the focus is shifted from simplified unification to integration through exchanging the correct information at the right time using synchronisation activities

Special Session on Industry 4.0

No abstract available

Conceptualizing human resilience in the face of the global epidemiology of cyber attacks

Computer security is a complex global phenomenon where different populations interact, and the infection of one person creates risk for another. Given the dynamics and scope of cyber campaigns, studies of local resilience without reference to global populations are inadequate. In this paper we describe a set of minimal requirements for implementing a global epidemiological infrastructure to understand and respond to large-scale computer security outbreaks. We enumerate the relevant dimensions, the applicable measurement tools, and define a systematic approach to evaluate cyber security resilience. From the experience in conceptualizing and designing a cross-national coordinated phishing resilience evaluation we describe the cultural, logistic, and regulatory challenges to this proposed public health approach to global computer assault resilience. We conclude that mechanisms for systematic evaluations of global attacks and the resilience against those attacks exist. Coordinated global science is needed to address organised global ecrime

Moving from a "human-as-problem" to a "human-as-solution" cybersecurity mindset

Cybersecurity has gained prominence, with a number of widely publicised security incidents, hacking attacks and data breaches reaching the news over the last few years. The escalation in the numbers of cyber incidents shows no sign of abating, and it seems appropriate to take a look at the way cybersecurity is conceptualised and to consider whether there is a need for a mindset change.To consider this question, we applied a "problematization" approach to assess current conceptualisations of the cybersecurity problem by government, industry and hackers. Our analysis revealed that individual human actors, in a variety of roles, are generally considered to be "a problem". We also discovered that deployed solutions primarily focus on preventing adverse events by building resistance: i.e. implementing new security layers and policies that control humans and constrain their problematic behaviours. In essence, this treats all humans in the system as if they might well be malicious actors, and the solutions are designed to prevent their ill-advised behaviours. Given the continuing incidences of data breaches and successful hacks, it seems wise to rethink the status quo approach, which we refer to as "Cybersecurity, Currently". In particular, we suggest that there is a need to reconsider the core assumptions and characterisations of the well-intentioned human's role in the cybersecurity socio-technical system. Treating everyone as a problem does not seem to work, given the current cyber security landscape.Benefiting from research in other fields, we propose a new mindset i.e. "Cybersecurity, Differently". This approach rests on recognition of the fact that the problem is actually the high complexity, interconnectedness and emergent qualities of socio-technical systems. The "differently" mindset acknowledges the well-intentioned human's ability to be an important contributor to organisational cybersecurity, as well as their potential to be "part of the solution" rather than "the problem". In essence, this new approach initially treats all humans in the system as if they are well-intentioned. The focus is on enhancing factors that contribute to positive outcomes and resilience. We conclude by proposing a set of key principles and, with the help of a prototypical fictional organisation, consider how this mindset could enhance and improve cybersecurity across the socio-technical system

Eco‐Holonic 4.0 Circular Business Model to Conceptualize Sustainable Value Chain Towards Digital Transition

The purpose of this paper is to conceptualize a circular business model based on an Eco-Holonic Architecture, through the integration of circular economy and holonic principles. A conceptual model is developed to manage the complexity of integrating circular economy principles, digital transformation, and tools and frameworks for sustainability into business models. The proposed architecture is multilevel and multiscale in order to achieve the instantiation of the sustainable value chain in any territory. The architecture promotes the incorporation of circular economy and holonic principles into new circular business models. This integrated perspective of business model can support the design and upgrade of the manufacturing companies in their respective industrial sectors. The conceptual model proposed is based on activity theory that considers the interactions between technical and social systems and allows the mitigation of the metabolic rift that exists between natural and social metabolism. This study contributes to the existing literature on circular economy, circular business models and activity theory by considering holonic paradigm concerns, which have not been explored yet. This research also offers a unique holonic architecture of circular business model by considering different levels, relationships, dynamism and contextualization (territory) aspects

Standardization Framework for Sustainability from Circular Economy 4.0

The circular economy (CE) is widely known as a way to implement and achieve sustainability, mainly due to its contribution towards the separation of biological and technical nutrients under cyclic industrial metabolism. The incorporation of the principles of the CE in the links of the value chain of the various sectors of the economy strives to ensure circularity, safety, and efficiency. The framework proposed is aligned with the goals of the 2030 Agenda for Sustainable Development regarding the orientation towards the mitigation and regeneration of the metabolic rift by considering a double perspective. Firstly, it strives to conceptualize the CE as a paradigm of sustainability. Its principles are established, and its techniques and tools are organized into two frameworks oriented towards causes (cradle to cradle) and effects (life cycle assessment), and these are structured under the three pillars of sustainability, for their projection within the proposed framework. Secondly, a framework is established to facilitate the implementation of the CE with the use of standards, which constitute the requirements, tools, and indicators to control each life cycle phase, and of key enabling technologies (KETs) that add circular value 4.0 to the socio-ecological transition

Mapping Big Data into Knowledge Space with Cognitive Cyber-Infrastructure

Big data research has attracted great attention in science, technology, industry and society. It is developing with the evolving scientific paradigm, the fourth industrial revolution, and the transformational innovation of technologies. However, its nature and fundamental challenge have not been recognized, and its own methodology has not been formed. This paper explores and answers the following questions: What is big data? What are the basic methods for representing, managing and analyzing big data? What is the relationship between big data and knowledge? Can we find a mapping from big data into knowledge space? What kind of infrastructure is required to support not only big data management and analysis but also knowledge discovery, sharing and management? What is the relationship between big data and science paradigm? What is the nature and fundamental challenge of big data computing? A multi-dimensional perspective is presented toward a methodology of big data computing.Comment: 59 page

Identifying attack surfaces in the evolving space industry using reference architectures

The space environment is currently undergoing a substantial change and many new entrants to the market are deploying devices, satellites and systems in space; this evolution has been termed as NewSpace. The change is complicated by technological developments such as deploying machine learning based autonomous space systems and the Internet of Space Things (IoST). In the IoST, space systems will rely on satellite-to-x communication and interactions with wider aspects of the ground segment to a greater degree than existing systems. Such developments will inevitably lead to a change in the cyber security threat landscape of space systems. Inevitably, there will be a greater number of attack vectors for adversaries to exploit, and previously infeasible threats can be realised, and thus require mitigation. In this paper, we present a reference architecture (RA) that can be used to abstractly model in situ applications of this new space landscape. The RA specifies high-level system components and their interactions. By instantiating the RA for two scenarios we demonstrate how to analyse the attack surface using attack trees

When organisational effectiveness fails: business continuity management and the paradox of performance

Purpose: The aim of the paper is to consider the nature of the business continuity management (BCM) process and to frame it within wider literature on the performance of socio-technical systems. Despite the growth in BCM activities in organisations, some questions remain as to whether academic research has helped to drive this process. The paper seeks to stimulate discussion within this journal of the interplay between organisational performance and BCM and to frame it within the context of the potential tensions between effectiveness and efficiency. Design/methodology/approach: The paper considers how BCM is defined within the professional and academic communities that work in the area. It deconstructs these definitions in order to and set out the key elements of BCM that emerge from the definitions and considers how the various elements of BCM can interact with each other in the context of organisational performance. Findings: The relationships between academic research in the area of crisis management and the practice-based approaches to business continuity remain somewhat disjointed. In addition, recent work in the safety management literature on the relationships between success and failure can be seen to offer some interesting challenges for the practice of business continuity. Practical implications: The paper draws on some of the practice-based definitions of BCM and highlights the limitations and challenges associated with the construct. The paper sets out challenges for BCM based upon theoretical challenges arising in cognate areas of research. The aim is to ensure that BCM is integrated with emerging concepts in other aspects of the management of uncertainty and to do so in a strategic context. Originality/value: Academic research on performance reflects both the variety and the multi-disciplinary nature of the issues around measuring and managing performance. Failures in organisational performance have also invariably attracted considerable attention due to the nature of a range of disruptive events. The paper reveals some of the inherent paradoxes that sit at the core of the BCM process and its relationships with organisational performance