Bridging Safety and Cybersecurity
In parallel with the increasingly interconnected nature of electronic and software systems, there is an ever increasing risk of unauthorized access or malicious attacks focusing on critical systems and networks. A conventional approach to managing cybersecurity risk may fail to take into account the effects that a compromised component could have on the safety of the entire system. With a deep understanding of the linkages between security and safety, CSL helps clients identify and assess the cause-effect relationship between system security vulnerabilities and safety hazards.
CSL works with clients to bridge the gap between traditional safety and security approaches in the design of safety-critical systems to integrate and enhance their cyber defense capabilities and use their security budgets most effectively. CSL has contributed to the development of recommendations and guidance material intended to integrate system and software safety processes with security processes in network technologies used on board aircraft, for CNS/ATM systems, air carrier operations and maintenance, and "big data" systems.
Some of the services CSL offers:
- Expertise in RTCA DO-326A (Airworthiness Security Process Specification)
- Expertise in RTCA DO-355 (Information Security Guidance for Continuing Airworthiness)
- Threat assessment of security-related sources of risk (physical, procedural, cultural)
- Design and review of security policies, procedures and guidelines following industry best practices
- Review of critical service and information security architecture to help establish and maintain a secure environment
- Review of critical infrastructure from both safety and security perspectives to help understand the existing technology framework
- Development and integration of cyber defence capability and culture
- Reconciliation of security requirements with functional requirements
- Extension of established system/software safety processes to include cybersecurity