Security vs. safety: Why do people die despite good safety?

Nicolai Kuntze, Carsten Rudolph, Brooke Brisbois, Megan Boggess, Barbara Endicott-Popovsky, Sally Leivesley

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research

1 Citation (Scopus)

Abstract

This paper will show in detail the differences between safety and security. An argument is made for new system design requirements based on a threat sustainable system (TSS) drawing on threat scanning, flexibility, command and control, system of systems, human factors and population dependencies. Principles of sustainability used in historical design processes are considered alongside the complex changes of technology and emerging threat actors. The paper recognises that technologies and development methods for safety do not work for security. Safety has the notion of a one or two event protection, but cyber-attacks are multi-event situations. The paper recognizes that the behaviour of interconnected systems and modern systems requirements for national sustainability. System security principles for sustainability of critical systems are considered in relation to failure, security architecture, quality of service, authentication and trust and communication of failure to operators. Design principles for operators are discussed along with recognition of human factors failures. These principles are then applied as the basis for recommended changes in systems design and discuss system control dominating the hierarchy of design decisions but with harmonization of safety requirements up to the level of sustaining security. These new approaches are discussed as the basis for future research on adaptive flexible systems that can sustain attacks and the uncertainty of fast-changing technology.
Original language: English
Title of host publication: ICNS 2015 - Innovation in Operations, Implementation Benefits and Integration of the CNS Infrastructure - Conference Proceedings
Subtitle of host publication: April 23-23 2015 Herndon, VA
Editors: Michael Schnell, Roy Oishi
Place of Publication: New York NY USA
Publisher: IEEE, Institute of Electrical and Electronics Engineers
Pages: A4-1-A4-10
Number of pages: 10
Volume: 13
ISBN (Print): 9781479989522
DOIs: 10.1109/ICNSURV.2015.7121213
Publication status: Published - 2015
Externally published: Yes
Event: Annual Integrated Communication, Navigation and Surveillance Conference (ICNS 2015) - Westin Washington Dulles Airport Hotel, Herndon, United States of America
Duration: 21 Apr 2015 - 23 Apr 2015
Conference number: 15th

Conference

Conference: Annual Integrated Communication, Navigation and Surveillance Conference (ICNS 2015)
Abbreviated title: ICNS 2015
Country: United States of America
City: Herndon
Period: 21/04/15 - 23/04/15

Cite this

Kuntze, N., Rudolph, C., Brisbois, B., Boggess, M., Endicott-Popovsky, B., & Leivesley, S. (2015). Security vs. safety: Why do people die despite good safety? In M. Schnell, & R. Oishi (Eds.), ICNS 2015 - Innovation in Operations, Implementation Benefits and Integration of the CNS Infrastructure - Conference Proceedings: April 23-23 2015 Herndon, VA (Vol. 13, pp. A4-1-A4-10). [7121276] New York NY USA: IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/ICNSURV.2015.7121213
Kuntze, Nicolai ; Rudolph, Carsten ; Brisbois, Brooke ; Boggess, Megan ; Endicott-Popovsky, Barbara ; Leivesley, Sally. / Security vs. safety : Why do people die despite good safety?. ICNS 2015 - Innovation in Operations, Implementation Benefits and Integration of the CNS Infrastructure - Conference Proceedings: April 23-23 2015 Herndon, VA. editor / Michael Schnell ; Roy Oishi. Vol. 13 New York NY USA : IEEE, Institute of Electrical and Electronics Engineers, 2015. pp. A4-1-A4-10
@inproceedings{eef1955571114884abbba55cec7d83da,
  title = "Security vs. safety: Why do people die despite good safety?",
  abstract = "This paper will show in detail the differences between safety and security. An argument is made for new system design requirements based on a threat sustainable system (TSS) drawing on threat scanning, flexibility, command and control, system of systems, human factors and population dependencies. Principles of sustainability used in historical design processes are considered alongside the complex changes of technology and emerging threat actors. The paper recognises that technologies and development methods for safety do not work for security. Safety has the notion of a one or two event protection, but cyber-attacks are multi-event situations. The paper recognizes that the behaviour of interconnected systems and modern systems requirements for national sustainability. System security principles for sustainability of critical systems are considered in relation to failure, security architecture, quality of service, authentication and trust and communication of failure to operators. Design principles for operators are discussed along with recognition of human factors failures. These principles are then applied as the basis for recommended changes in systems design and discuss system control dominating the hierarchy of design decisions but with harmonization of safety requirements up to the level of sustaining security. These new approaches are discussed as the basis for future research on adaptive flexible systems that can sustain attacks and the uncertainty of fast-changing technology.",
  author = "Nicolai Kuntze and Carsten Rudolph and Brooke Brisbois and Megan Boggess and Barbara Endicott-Popovsky and Sally Leivesley",
  year = "2015",
  doi = "10.1109/ICNSURV.2015.7121213",
  language = "English",
  isbn = "9781479989522",
  volume = "13",
  pages = "A4-1--A4-10",
  editor = "Michael Schnell and Roy Oishi",
  booktitle = "ICNS 2015 - Innovation in Operations, Implementation Benefits and Integration of the CNS Infrastructure - Conference Proceedings",
  publisher = "IEEE, Institute of Electrical and Electronics Engineers",
  address = "United States of America",
}

Kuntze, N, Rudolph, C, Brisbois, B, Boggess, M, Endicott-Popovsky, B & Leivesley, S 2015, Security vs. safety: Why do people die despite good safety? in M Schnell & R Oishi (eds), ICNS 2015 - Innovation in Operations, Implementation Benefits and Integration of the CNS Infrastructure - Conference Proceedings: April 23-23 2015 Herndon, VA. vol. 13, 7121276, IEEE, Institute of Electrical and Electronics Engineers, New York NY USA, pp. A4-1-A4-10, Annual Integrated Communication, Navigation and Surveillance Conference (ICNS 2015), Herndon, United States of America, 21/04/15. https://doi.org/10.1109/ICNSURV.2015.7121213

Security vs. safety : Why do people die despite good safety? / Kuntze, Nicolai; Rudolph, Carsten; Brisbois, Brooke; Boggess, Megan; Endicott-Popovsky, Barbara; Leivesley, Sally.

ICNS 2015 - Innovation in Operations, Implementation Benefits and Integration of the CNS Infrastructure - Conference Proceedings: April 23-23 2015 Herndon, VA. ed. / Michael Schnell; Roy Oishi. Vol. 13 New York NY USA : IEEE, Institute of Electrical and Electronics Engineers, 2015. p. A4-1-A4-10 7121276.


TY  - GEN
T1  - Security vs. safety
T2  - Why do people die despite good safety?
AU  - Kuntze, Nicolai
AU  - Rudolph, Carsten
AU  - Brisbois, Brooke
AU  - Boggess, Megan
AU  - Endicott-Popovsky, Barbara
AU  - Leivesley, Sally
PY  - 2015
Y1  - 2015
AB  - This paper will show in detail the differences between safety and security. An argument is made for new system design requirements based on a threat sustainable system (TSS) drawing on threat scanning, flexibility, command and control, system of systems, human factors and population dependencies. Principles of sustainability used in historical design processes are considered alongside the complex changes of technology and emerging threat actors. The paper recognises that technologies and development methods for safety do not work for security. Safety has the notion of a one or two event protection, but cyber-attacks are multi-event situations. The paper recognizes that the behaviour of interconnected systems and modern systems requirements for national sustainability. System security principles for sustainability of critical systems are considered in relation to failure, security architecture, quality of service, authentication and trust and communication of failure to operators. Design principles for operators are discussed along with recognition of human factors failures. These principles are then applied as the basis for recommended changes in systems design and discuss system control dominating the hierarchy of design decisions but with harmonization of safety requirements up to the level of sustaining security. These new approaches are discussed as the basis for future research on adaptive flexible systems that can sustain attacks and the uncertainty of fast-changing technology.
UR  - http://www.scopus.com/inward/record.url?scp=84938767874&partnerID=8YFLogxK
U2  - 10.1109/ICNSURV.2015.7121213
DO  - 10.1109/ICNSURV.2015.7121213
M3  - Conference Paper
SN  - 9781479989522
VL  - 13
SP  - A4-1-A4-10
BT  - ICNS 2015 - Innovation in Operations, Implementation Benefits and Integration of the CNS Infrastructure - Conference Proceedings
A2  - Schnell, Michael
A2  - Oishi, Roy
PB  - IEEE, Institute of Electrical and Electronics Engineers
CY  - New York NY USA
ER  -

Kuntze N, Rudolph C, Brisbois B, Boggess M, Endicott-Popovsky B, Leivesley S. Security vs. safety: Why do people die despite good safety? In Schnell M, Oishi R, editors, ICNS 2015 - Innovation in Operations, Implementation Benefits and Integration of the CNS Infrastructure - Conference Proceedings: April 23-23 2015 Herndon, VA. Vol. 13. New York NY USA: IEEE, Institute of Electrical and Electronics Engineers. 2015. p. A4-1-A4-10. 7121276 https://doi.org/10.1109/ICNSURV.2015.7121213