Combining Data Safety and Cyber Security: An

Transcript:Combining Data Safety and Cyber Security: An:
Combining Data Safety and Cyber Security: An Equipment Health Monitoring Case Study Robert Oates, Rolls-Royce Software Centre of Excellence David Higgins, Dstl Software and Systems Dependability Private – Rolls-Royce Proprietary Information Talk Roadmap Risk as an input to development Equipment Health Monitoring Data-centric Safety/Security Risk Assessment Conclusions Q&A 2 Point to Note There is no a single process We are not intending to come up with a single process. Focus here is on interactions Looking to better understand ‘how / where / when / what’ aspects interact This is initial work into this area. Feedback is most welcome 3 ISO 31000 Style Risk Driven Development 4 Establish context (Section 4 – Establish Context) Acceptable risk Finish Start Unacceptable risk Text in bold refers to the relevant Data Safety Chapter Impact For every data artefact: What happens if I lose the property of… 5 Disposability / Deletability Properties for a cyber security assessment (Microsoft SDL) Properties for a data safety assessment (SCSC) i.e. Strong links between security properties and safety properties Likelihood Divergence for safety/security Security - Technical capability required to undermine property - Motivation and capability of threat actors to achieve impact - Political/social issues Safety - Historical data pertaining to failure rates - Media properties (error rate etc.) - Environmental conditions 6 An Introduction to Equipment Health Monitoring 7 What is EHM? 8 Determining state by using sensed data Analysing the data to determine health Accurate fault isolation for efficient maintenance Predicting future faults and deteriorating health and proposing maintenance actions to prevent disruption EHM is generally not a Safety Critical System itself – however, it is a highly data centric system used to inform safety related decisions. An Introduction to Equipment Health Monitoring 9 Application Domain Process Domain Application Domain Example – Rolls-Royce Trent 1000 SAGB AVM P160 TBH AVM P50 T50 I/C AVMs EMU Input: Messages from other avionics systems EMU Output: Obfuscated health reports to ground Aerospace EHM Model 11 engine data A Combined Safety/Security Risk Assessment “Data centric” viewpoints into system quality factors Shared intent: prevent harm Risk-driven Initiate design change Controls & Analyses are proportionate to risks Design Principles 12 Safety Security Data Safety Cyber Security Data Artefacts Involved in Providing EHM Services Data at rest Raw sensor data Externally sourced data Local data aggregates Analytical algorithms Signatures of interest Mass-storage Decisions Data Transportation Digital Packets Analogue Transmissions Portable media Bespoke Network Protocols 13