Abstract
There has been a historic partition between safety and security risk management, which could be seen as an oversimplification as the two are becoming increasingly blurred. This is particularly the case with the increased use of automation and autonomous systems in the transportation sector. Furthermore, there is a misguided assumption that by performing a safety risk assessment, security risk is also addressed.The distinction between accidental and deliberate causes of an unwanted event is becoming harder to distinguish, especially when nation state offensive teams or cybercriminals have developed cyberweapons that mimic more routine software or hardware bugs.The premise of this chapter is that security and safety are inextricably linked, and organisations with safety risk management practices should begin to introduce more formalised security risk management. A key question is how these approaches to risk management differ and whether, and how, they might be integrated.In this chapter, we address this issue, first by describing safety risk management and 'safety cases', which are used for the introduction of new systems or significant system changes and to existing operational systems. We then describe an approach to a 'security case'. The remainder of the chapter considers the extent to which safety and security can be brought together and ways of doing this.The examples, processes and statements in this chapter are drawn from the aviation industry. Similar organisational structure and processes are defined for other transport sectors, such as the International Maritime Organisation or the European Railways Agency.
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call