Why We Cannot (Yet) Ensure the Cybersecurity of Safety-Critical Systems

There is a growing threat to the cyber-security of safety-critical systems. The introduction of Commercial Off The Shelf (COTS) software, including Linux, specialist VOIP applications and Satellite Based Augmentation Systems across the aviation, maritime, rail and power-generation infrastructures has created common, vulnerabilities. In consequence, more people now possess the technical skills required to identify and exploit vulnerabilities in safety-critical systems. Arguably for the first time there is the potential for cross-modal attacks leading to future ‘cyber storms’. This situation is compounded by the failure of public-private partnerships to establish the cyber-security of safety critical applications. The fiscal crisis has prevented governments from attracting and retaining competent regulators at the intersection of safety and cyber-security. In particular, we argue that superficial similarities between safety and security have led to security policies that cannot be implemented in safety-critical systems. Existing office-based security standards, such as the ISO27k series, cannot easily be integrated with standards such as IEC61508 or ISO26262. Hybrid standards such as IEC 62443 lack credible validation. There is an urgent need to move beyond high-level policies and address the more detailed engineering challenges that threaten the cyber-security of safety-critical systems. In particular, we consider the ways in which cyber-security concerns undermine traditional forms of safety engineering, for example by invalidating conventional forms of risk assessment. We also summarise the ways in which safety concerns frustrate the deployment of conventional mechanisms for cyber-security, including intrusion detection systems

Increasing resilience of ATM networks using traffic monitoring and automated anomaly analysis

Systematic network monitoring can be the cornerstone for the dependable operation of safety-critical distributed systems. In this paper, we present our vision for informed anomaly detection through network monitoring and resilience measurements to increase the operators' visibility of ATM communication networks. We raise the question of how to determine the optimal level of automation in this safety-critical context, and we present a novel passive network monitoring system that can reveal network utilisation trends and traffic patterns in diverse timescales. Using network measurements, we derive resilience metrics and visualisations to enhance the operators' knowledge of the network and traffic behaviour, and allow for network planning and provisioning based on informed what-if analysis

Essay Review: Implications for Educators of Daniel Everett’s Language: The Cultural Tool

This essay review discusses Everett (2012), Language: The Cultural Tool, with particular emphasis on implications for educators. While Everett does not belong to the discourse of pedagogy and policy for classrooms, his findings and arguments resonate powerfully with the contemporary challenges of PK-12 classrooms and teacher preparation

Principles for increased resilience in critical networked infrastructures

We propose a framework for deploying stronger, intelligent resilience mechanisms in mission-critical ATM networks over and above that offered by physical n-fold redundancy. We compare the challenges facing power and data network resilience and discuss disruptive threats to real-world operations. Using recorded live data from an ATM data network we argue our proposed architecture with deployable, distributed on-demand anomaly detection and monitoring modules provides enhanced fail-secure versus current fail-safe resilience

Laypeoples' and experts' risk perception of cloud computing

Cloud computing is revolutionising the way software services are procured and used by Government organizations and SMEs. Quantitative risk assessment of Cloud services is complex and undermined by specific security concerns regarding data confidentiality, integrity and availability. This study explores how the gap between the quantitative risk assessment and the perception of the risk can produce a bias in the decision-making process about Cloud computing adoption. The risk perception of experts in Cloud computing (N=37) and laypeople (N=81) about ten Cloud computing services was investigated using the psychometric paradigm. Results suggest that the risk perception of Cloud services can be represented by two components, called dread risk and unknown risk, which may explain up to 46% of the variance. Other factors influencing the risk perception were perceived benefits, trust in regulatory authorities and technology attitude. This study suggests some implications that could support Government and non-Government organizations in their strategies for Cloud computing adoption

Communicating the Value of Ergonomics to Management – Part 2: Ergonomics ROI Case Study Applications

More than ever, human factors engineers and ergonomists need to justify our practice’s value to management. How can we effectively communicate with management? How should we present a Return on Investment (ROI) that leadership will find useful that addresses company profits, cost savings, productivity, first time quality, and turnover? What else does management care about other than ROI? This second panel in a two panel series will specifically highlight case studies in which presenters give examples of situations in which ROI for ergonomics was investigated from a business value. The session will start with four case study lectures followed by a panel discussion led by the moderators. The audience will be encouraged to participate with their own questions and comments

A Possible Approach for Addressing Neglected Human Factors Issues of Systems Engineering

The increasing complexity of safety-critical applications has led to the introduction of decision support tools in the transportation and process industries. Automation has also been introduced to support operator intervention in safety-critical applications. These innovations help reduce overall operator workload, and filter application data to maximize the finite cognitive and perceptual resources of system operators. However, these benefits do not come without a cost. Increased computational support for the end-users of safety-critical applications leads to increased reliance on engineers to monitor and maintain automated systems and decision support tools. This paper argues that by focussing on the end-users of complex applications, previous research has tended to neglect the demands that are being placed on systems engineers. The argument is illustrated through discussing three recent accidents. The paper concludes by presenting a possible strategy for building and using highly automated systems based on increased attention by management and regulators, improvements in competency and training for technical staff, sustained support for engineering team resource management, and the development of incident reporting systems for infrastructure failures. This paper represents preliminary work, about which we seek comments and suggestions

The Identification of Extreme Asymptotic Giant Branch Stars and Red Supergiants in M33 by 24 {\mu}m Variability

We present the first detection of 24 {\mu}m variability in 24 sources in the Local Group galaxy M33. These results are based on 4 epochs of MIPS observations, which are irregularly spaced over ~750 days. We find that these sources are constrained exclusively to the Holmberg radius of the galaxy, which increases their chances of being members of M33. We have constructed spectral energy distributions (SEDs) ranging from the optical to the sub-mm to investigate the nature of these objects. We find that 23 of our objects are most likely heavily self-obscured, evolved stars; while the remaining source is the Giant HII region, NGC 604. We believe that the observed variability is the intrinsic variability of the central star reprocessed through their circumstellar dust shells. Radiative transfer modeling was carried out to determine their likely chemical composition, luminosity, and dust production rate (DPR). As a sample, our modeling has determined an average luminosity of (3.8 $\pm$ 0.9) x 10$^4$ L$_\odot$ and a total DPR of (2.3 $\pm$ 0.1) x 10$^{-5}$ M$_\odot$ yr$^{-1}$. Most of the sources, given the high DPRs and short wavelength obscuration, are likely "extreme" AGB (XAGB) stars. Five of the sources are found to have luminosities above the classical AGB limit (M$_{\rm bol}$ 54,000 L$_\odot$), which classifies them as probably red supergiants (RSGs). Almost all of the sources are classified as oxygen rich. As also seen in the LMC, a significant fraction of the dust in M33 is produced by a handful of XAGB and RSG stars.Comment: 36 pages, 14 figures, 4 tables, Accepted for publication in A