Security-Informed System Safety Engineering (SISSE)

--- A Training Course Jointly organized by Critical Systems Labs Inc. (Canada) and Advanced Digital Sciences Center (Singapore)

Date: May 29-31, 2017

Venue: Fusionopolis Connexis North Tower, Level 13, Potential Room, Singapore, 138632

Understanding how a cybersecurity attack could impact safety is an urgent priority across a variety of advanced technology domains including aerospace, autonomous and remotely operated vehicles, mass rapid transit, maritime, industrial robotics, defence, critical infrastructure, “smart” buildings, health information systems and medical devices. This 3-day intensive training course covers fundamental elements of an integrated approach to managing safety and cybersecurity risk for complex systems. In particular, this course focuses on how established system safety processes can be adapted to take account of cybersecurity threats. This training is intended for managers and engineering staff responsible for the development, maintenance and/or operation of safety-critical systems exposed to cybersecurity threats. Upon successful completion of this training, participants will be prepared to plan and execute a strategy to improve an organization’s capability to address the potential impact of cybersecurity threats on identified safety hazards.

Course Outline

Day 1
  • Introduction
  • Identifying the problem: how do cyber security incidents affect safety-critical systems?
  • Review of conventional system/software safety methodology and cyber security methodology
  • Survey of relevant standards and guidelines across industries
  • Introduction to a generic safety / cyber security engineering process
  • Guest lecture I
Day 2
  • Identifying security scope
  • Combined safety / cyber security analysis techniques
  • Security risk assessments methods
  • Interaction of safety requirements with cyber security requirements
  • Safety vs security impact on system / software architecture and design decisions
  • Safety vs security software assurance actions
  • Guest lecture II
Day 3
  • Cybersecurity verification for a safety-critical system
  • Assurance cases for safety-critical Systems with cybersecurity vulnerabilities
  • Managing safety and cybersecurity risks over the lifecycle of a system
  • Summary
  • Assessment (optional)