PRESENTATION:

“Safety Integrity vs Cybersecurity assurance levels”

Security and safety levels are needed due to two reasons: they are not binary attributes, where a system can be either safe or unsafe, or secure and un-secure, and also due to increased product complexity and costs associated with it, which requires different degrees of engineering effort.From cross-industry SILs (Safety Integrity Levels) to Automotive SILs (ASILs), through military DALs (Development Assurance Levels), the integrity/assurance levels reflect different degrees of scrutiny to be applied during all development phases and are meant as a tool, as a convention, to refer to the same minimum set of engineering practices among different stakeholders, within same industryIn functional safety, they can be relatively easy bound to a risk, however cybersecurity risk is harder to estimate, since is more un-predictable. In order to address this issue, newly published ISO 21434 provides recommendations on a classification scheme, similar to ASILs, based on “Cybersecurity Assurance Levels”.Methods are recommended along the same lines as in ISO 26262, without addressing post-production phases or referring to any specific technical security recommendations or different types of security strengths.

ABOUT THE PRESENTER:

Bogdan Gradinaru

Bogdan studied electronics in Iasi, Romania and has over 14 years’ experience in embedded systems programming. Since seven years he has been a functional safety expert, mainly in the automotive industry, but also for railway and machinery industries, where he tackled a wide range of aspects, like assessments, audits, coaching and trainings as well as management and engineering consulting. clockworkX GmbH is a small start-up having around 10 employees, focused on 2 areas of activities: safe/secure systems and predictive/reliable operations. It’s main areas of activities are customer consultancy, mainly in the automotive domain, but also in railway, medical and renewable energy industry fields, and tool-supported predictive maintenance. At clockworkX Bodgan is the Head of Cybersecurity, consulting customers mainly on projects related to risk assessments, TARA and cybersecurity management. His personal interests consist of journalism and socio-politics lectures, which also determined his passion to organize trainings, discussion sessions, to share ideas and to teach other people.