This 3-day intensive training course covers fundamental elements of an integrated approach to managing safety and cybersecurity risk for a complex system. In particular, this training focuses on how an existing system safety process can be extended to take account of cybersecurity threats.
Increasing automation, remote operation, cloud-based computing and the inter-connection of “smart” systems are among the technology trends that potentially heighten exposure to cybersecurity threats. Conventional IT measures for information security centered on equipment level mitigations such as firewalls and encryption are unlikely to be a complete solution for the protection of safety-critical systems. Such measures need to be complemented by strategies, processes and techniques that focus on top-down systems-of-system understanding of how cybersecurity threats impact safety.
Industry, government organizations and individual consumers are increasingly concerned about the safety impact of cyber threats across a variety of a variety of advanced technology domains including aerospace, autonomous and remotely operated vehicles, mass rapid transit, maritime, industrial robotics, defence, critical infrastructure, “smart” buildings, health information systems and medical devices. The Computer Misuse and Cybersecurity Act (CMCA) currently before the Singapore Parliament underlines the urgency and importance of addressing these concerns, especially by recognizing that cyber threats can cause “serious harm in Singapore” including illness, injury, death and disruption of essential services. International engineering standards such as RTCA DO-326A (aerospace) and SAE J3061 (automotive) and other forms of guidance published within the last five years aim to help ensure that the potential safety impact of cyber threats is properly addressed by organizational processes. However, a limiting factor for many organizations is the lack of qualified personnel who have the knowledge and skills to cross between the traditionally separate disciplines of safety and cybersecurity. From this training, participants can:
This training is intended for managers and engineering staff responsible for the development and/or maintenance of safety-critical systems that could be potentially be vulnerable to cyber-security attacks. Participants should have a basic familiarity with both conventional system safety engineering methodology and a general awareness of concerns about cybersecurity. While primarily intended for “security-minded” safety engineers and system engineers, this training will also be valuable for IT security specialists who have a role in the development or maintenance of safety-critical systems.
The value of this training for employers includes: