27th March – 15:30-16:30
Valle Inclán room
Security-Informed Risk Assessment for Safety-Critical Systems
In this talk, I will discuss some general approaches towards security-informed risk assessment and some of the challenges for security-informed safety, before describing the approach we have developed at Adelard for doing security-informed risk assessment for safety-critical systems. I will also present a rail code of practice for security-informed safety that we have developed on behalf of government and the rail industry, and a related standard, PAS 11281:2018, that deals with the impact of security on safety in the connected automotive ecosystem. The talk will be illustrated with examples based on our experience of assessing the security of railway systems, and extracts from the code of practice.
Robert Stroud is a Principal Consultant at Adelard LLP with a background in security and fault tolerance. He has worked on behalf of the UK government and rail industry on a number of projects concerned with the security of ERTMS, a European standard for railway signalling, and is a member of the High Integrity Systems Group at the UK Railway Standards and Safety Board (RSSB). He has a particular interest in security-informed safety and has developed and delivered a course on security awareness for railway safety engineers to over 200 railway professionals. He is the principal technical author of a code of practice on security-informed safety for the rail industry and was also a technical author of PAS 11281:2018, a similar code of practice for the automotive industry that was published in December 2018. Prior to joining Adelard, he was a Reader in Security and Dependability at City University London and the University of Newcastle upon Tyne, UK.