Bridging the safety-security software gap

Abstract

Software security and safety engineers live in different and often separate worlds. The former professionals worry about protecting information-processing systems and data from attacks. The latter are concerned with potential harm inflicted by malfunctioning or failed industrial control systems (ICSs). Some researchers, such as Joseph Weiss, have addressed the need to have security built into industrial control systems, including safety systems. Weiss attributes the general lack of security for ICSs to a “hole ... in academia” since “security is taught in computer science departments, whereas control systems are taught in various engineering departments.” Others have expressed concern about who might be liable when information and control systems, are combined, as in autonomous (driverless) vehicles. However, many issues relating to combined security and safety systems are much broader and more critical than the above. In this paper, which is based on his recent book, Axelrod takes a holistic view of the consequences of integrating security-critical information systems and networks with safetycritical control systems, such as those systems related to avionics, electricity grids, nuclear power plants, weapons systems, and the like. It is not sufficient to train software engineers about securing control systems. It is also necessary that security professionals gain a greater understanding of the control systems to which their information systems are increasingly being connected. This two-way exchange of ideas and approaches is crucial for ensuring that systems, which combine both security-critical and safety-critical components, meet standards and certification requirements.