Author(s)

S. Paul

Abstract

Safety engineering traditionally leaves out malevolent behaviour. Recent attacks in safety-critical domains, e.g. 9/11, Stuxnet, have definitely changed the game. The academic safety engineering community is addressing the issue through a significant amount of publications and workshops. The industrial safety standardisation communities are addressing the issue by revisiting safety standards or elaborating new cybersecurity standards to seamlessly cope with IT security threats that can have an impact, direct or indirect, on safety. Regulation is also increasing. However, because the security for safety approach is not a simple juxtaposition of safety and cybersecurity processes and techniques, and despite all this hustle and bustle by academic and industrial communities, it is still very difficult to precisely define what is meant by security for safety. In this paper we analyse this would-be seamless integration of security engineering activities into the safety engineering world, and we discuss the areas in which a lot of fuzziness still remains.

Keywords

safety, cybersecurity, engineering