4 / 2018-03-30 23:07:47

Current Challenges of the joint consideration of Functional Safety & Cybersecurity and Interoperability and their impact on organizations

Technical trends, Legal basics, Responsibilities of Management, Conformity Requirements / Compliance,DDifferences of Office + technical IT, Lifecycle, Management Systems, Risk assessment,RAMS Management, Codes and Standards, Safety analysis and management

2018-03-29
Jochen Link, Karl Waedt, Ines Ben Zid, Xinxin Lou

Current Challenges of the joint consideration of Functional Safety & Cybersecurity and Interoperability and their impact on organizations

Autonomous driving (especially Level Four – High Automation and Level Six – Complete Automation) and autonomous flight systems, e.g. Lilium (electric vertical take-off and landing jet) are already implemented either as prototypes from different vendors or as embedded high-power computing capability in road vehicles, with real-time software functionality being added over the air.
The development of these emerging automation technologies takes place in cloud environments. The data collected by the partially autonomous vehicles can (and by some vendors is) continuously collected, anonymized and then mined by layered and distributed big data systems (IEC 20547-x on Big Data Reference Architecture, currently being elaborated). Based on the collected big data, Artificial Intelligence, especially Machine Learning, are used to improve the autonomous behavior, including functional safety related risk reduction. Similarly, for robots of Industry 4.0, of Manufactured in China 2025 and of IIoT, beyond the functional safety and cybersecurity requirements, the interoperability as part of the smart manufacturing has to be considered. This includes the smart exchange of data between robots but also the exchange of “contracts” and the responsibility and accountability related to potential worst case impacts.
New technologies, like Edge Computing (for scalability of signal processing), Application Security Controls (for semi-formal representations in Application Normative Frameworks ISO/IEC 27034) are emerging in different industry domains and are covered by different standardization bodies.

In this paper we will try to provide an overview as introduction on what kind of challenges are up-coming and what kind of organizational challenges we have to solve in companies to fulfill the requirements of projects.
The complexity of products and projects are increasing and therefore we need a better understanding of the different domains of a project. That is a challenge for the organization and can be solved by an integrated organization.
The interconnection and integration of different domains within a project needs to understand the motivation of the different domains integrated within a project.
E.g. the motivation for Security (based on 27001 -China: GB/T 22080- e.g. for ERP systems) reasons were triggered by legal requirements and the possibility of financial losses. The motivation of Security for functional safety is triggered by product safety and the legal requirements to protect technical systems based on state of the art.
The responsibility of the CEO or business management of a company is to manage and to fulfill all legal requirements needed. Compliance is not only a domain of financial regulations. Technical compliance has an similar impact on the risk management of a company. Technical compliance is important in the domain of product develoment and how to operate technical equipment.
What is Compliance ? Compliance is defined as the state or fact of according with or meeting rules or standards (Oxford dictionary).

Not „wiling“ departments of a company can be motivated by the knowledge of the responsibilities of an organization.
IT and product stategy of an company is not only needed for office IT applications. Well known are IT-Management systemes based on ISO 27001. A similar management system is needed for the technical IT based on IEC 62443-2-1 -China: partly GB/T 30976- . The integration of both management systems can help to optimize the organization.

The project SINO German tries to compare standards in the field of safety and security including organziational requiremens for industry 4.0 (Top-Down: Business to Asset Layer). The organizational requirements for industry 4.0 are similar like for safety and security.
In the domain of safety and security an integrated organization, well defined and existing processes, for Hardware and Software development are helpful. To fulfill security requirements during the product development process and during operation well defined processes (CMMI level) are necessary.
Despite the title of this contribution, if we have activities from bottom-up, to say what is needed to
have e.g. a more effecitve product development that could be helpful for optimization of the organziation top down.
Further aspects:
Technical understanding of a safety system will become much more important during operation for detection of deviation out of security reasons.
Complexity of technical systems is increasing and we have to coordinate more complexity in a shorter time.
What we need is an integrated understanding of the responsibilities of a company and requirements we have to fulfill for product development and operation. Digitalisation and interconnection needs more than domain specific thinking in hardware or software. General processes out of the domain of quality management can help but will not solve to understand technical interrelations.






We will provide a presentation including slides describing:
Examples of technical development

Short introduction of legal basics for products
Duties and responsibilities of management
Conformity of requirements / Compliance
Fundamental differences of office and technical IT
Processes and Lifecycle
Management systems and organization
Risk assessment as an integrated approach
Conclusion out of the scissors of time

Authors will be:
Jochen Link
Dipl.-Ing.(TH), Dipl.-Wirt.-Ing.(FH)
ING-LINK engineering office
Spraulache 14
D- 68782 Bruehl (Germany)
eMail: jlink@ing-link.de
www.ing-link.de

Dr. Karl WAEDT
Framatome GmbH ICPGDA
Concepts & Architecture / Cybersecurity
Henri-Dunant-Str. 50, 91058 Erlangen
Phone +49 9131 900-92588
Mobile +49 151 22307518
Ines Ben Zid
PhD Candidate / Cybersecurity
Framatome GmbH
Henri-Dunant-Str. 50, 91058 Erlangen
Phone: +49 9131 900-94307

Xinxin Lou
PhD Candidate / Cybersecurity
Framatome GmbH
Henri-Dunant-Str. 50, 91058 Erlangen
Phone: +49 9131 900-93552