Security vs. safety: Why do people die despite good safety?

Nicolai Kuntze; Carsten Rudolph; Brooke Brisbois; Megan Boggess; Barbara Endicott-Popovsky; Sally Leivesley

doi:10.1109/ICNSURV.2015.7121213

Security vs. safety: Why do people die despite good safety?

Nicolai Kuntze, Carsten Rudolph, Brooke Brisbois, Megan Boggess, Barbara Endicott-Popovsky, Sally Leivesley

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research

4 Citations (Scopus)

Abstract

This paper will show in detail the differences between safety and security. An argument is made for new system design requirements based on a threat sustainable system (TSS) drawing on threat scanning, flexibility, command and control, system of systems, human factors and population dependencies. Principles of sustainability used in historical design processes are considered alongside the complex changes of technology and emerging threat actors. The paper recognises that technologies and development methods for safety do not work for security. Safety has the notion of a one or two event protection, but cyber-attacks are multi-event situations. The paper recognizes that the behaviour of interconnected systems and modern systems requirements for national sustainability. System security principles for sustainability of critical systems are considered in relation to failure, security architecture, quality of service, authentication and trust and communication of failure to operators. Design principles for operators are discussed along with recognition of human factors failures. These principles are then applied as the basis for recommended changes in systems design and discuss system control dominating the hierarchy of design decisions but with harmonization of safety requirements up to the level of sustaining security. These new approaches are discussed as the basis for future research on adaptive flexible systems that can sustain attacks and the uncertainty of fast-changing technology.

Original language	English
Title of host publication	ICNS 2015 - Innovation in Operations, Implementation Benefits and Integration of the CNS Infrastructure - Conference Proceedings
Subtitle of host publication	April 23-23 2015 Herndon, VA
Editors	Michael Schnell, Roy Oishi
Place of Publication	New York NY USA
Publisher	IEEE, Institute of Electrical and Electronics Engineers
Pages	A4-1-A4-10
Number of pages	10
Volume	13
ISBN (Print)	9781479989522
DOIs	https://doi.org/10.1109/ICNSURV.2015.7121213
Publication status	Published - 2015
Externally published	Yes
Event	Annual Integrated Communication, Navigation and Surveillance Conference (ICNS 2015) - Westin Washington Dulles Airport Hotel, Herdon, United States of America Duration: 21 Apr 2015 → 23 Apr 2015 Conference number: 15th

Conference

Conference	Annual Integrated Communication, Navigation and Surveillance Conference (ICNS 2015)
Abbreviated title	ICNS 2015
Country/Territory	United States of America
City	Herdon
Period	21/04/15 → 23/04/15

Access to Document

10.1109/ICNSURV.2015.7121213

Cite this

Kuntze, N., Rudolph, C., Brisbois, B., Boggess, M., Endicott-Popovsky, B., & Leivesley, S. (2015). Security vs. safety: Why do people die despite good safety? In M. Schnell, & R. Oishi (Eds.), ICNS 2015 - Innovation in Operations, Implementation Benefits and Integration of the CNS Infrastructure - Conference Proceedings: April 23-23 2015 Herndon, VA (Vol. 13, pp. A4-1-A4-10). Article 7121276 IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/ICNSURV.2015.7121213

Kuntze, Nicolai ; Rudolph, Carsten ; Brisbois, Brooke et al. / Security vs. safety : Why do people die despite good safety?. ICNS 2015 - Innovation in Operations, Implementation Benefits and Integration of the CNS Infrastructure - Conference Proceedings: April 23-23 2015 Herndon, VA. editor / Michael Schnell ; Roy Oishi. Vol. 13 New York NY USA : IEEE, Institute of Electrical and Electronics Engineers, 2015. pp. A4-1-A4-10

@inproceedings{eef1955571114884abbba55cec7d83da,

title = "Security vs. safety: Why do people die despite good safety?",

abstract = "This paper will show in detail the differences between safety and security. An argument is made for new system design requirements based on a threat sustainable system (TSS) drawing on threat scanning, flexibility, command and control, system of systems, human factors and population dependencies. Principles of sustainability used in historical design processes are considered alongside the complex changes of technology and emerging threat actors. The paper recognises that technologies and development methods for safety do not work for security. Safety has the notion of a one or two event protection, but cyber-attacks are multi-event situations. The paper recognizes that the behaviour of interconnected systems and modern systems requirements for national sustainability. System security principles for sustainability of critical systems are considered in relation to failure, security architecture, quality of service, authentication and trust and communication of failure to operators. Design principles for operators are discussed along with recognition of human factors failures. These principles are then applied as the basis for recommended changes in systems design and discuss system control dominating the hierarchy of design decisions but with harmonization of safety requirements up to the level of sustaining security. These new approaches are discussed as the basis for future research on adaptive flexible systems that can sustain attacks and the uncertainty of fast-changing technology.",

author = "Nicolai Kuntze and Carsten Rudolph and Brooke Brisbois and Megan Boggess and Barbara Endicott-Popovsky and Sally Leivesley",

year = "2015",

doi = "10.1109/ICNSURV.2015.7121213",

language = "English",

isbn = "9781479989522",

volume = "13",

pages = "A4--1--A4--10",

editor = "Michael Schnell and Roy Oishi",

booktitle = "ICNS 2015 - Innovation in Operations, Implementation Benefits and Integration of the CNS Infrastructure - Conference Proceedings",

publisher = "IEEE, Institute of Electrical and Electronics Engineers",

address = "United States of America",

note = "Annual Integrated Communication, Navigation and Surveillance Conference (ICNS 2015), ICNS 2015 ; Conference date: 21-04-2015 Through 23-04-2015",

}

Kuntze, N, Rudolph, C, Brisbois, B, Boggess, M, Endicott-Popovsky, B & Leivesley, S 2015, Security vs. safety: Why do people die despite good safety? in M Schnell & R Oishi (eds), ICNS 2015 - Innovation in Operations, Implementation Benefits and Integration of the CNS Infrastructure - Conference Proceedings: April 23-23 2015 Herndon, VA. vol. 13, 7121276, IEEE, Institute of Electrical and Electronics Engineers, New York NY USA, pp. A4-1-A4-10, Annual Integrated Communication, Navigation and Surveillance Conference (ICNS 2015), Herdon, Virginia, United States of America, 21/04/15. https://doi.org/10.1109/ICNSURV.2015.7121213

Security vs. safety: Why do people die despite good safety? / Kuntze, Nicolai; Rudolph, Carsten; Brisbois, Brooke et al.
ICNS 2015 - Innovation in Operations, Implementation Benefits and Integration of the CNS Infrastructure - Conference Proceedings: April 23-23 2015 Herndon, VA. ed. / Michael Schnell; Roy Oishi. Vol. 13 New York NY USA: IEEE, Institute of Electrical and Electronics Engineers, 2015. p. A4-1-A4-10 7121276.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research

TY - GEN

T1 - Security vs. safety

T2 - Annual Integrated Communication, Navigation and Surveillance Conference (ICNS 2015)

AU - Kuntze, Nicolai

AU - Rudolph, Carsten

AU - Brisbois, Brooke

AU - Boggess, Megan

AU - Endicott-Popovsky, Barbara

AU - Leivesley, Sally

N1 - Conference code: 15th

PY - 2015

Y1 - 2015

N2 - This paper will show in detail the differences between safety and security. An argument is made for new system design requirements based on a threat sustainable system (TSS) drawing on threat scanning, flexibility, command and control, system of systems, human factors and population dependencies. Principles of sustainability used in historical design processes are considered alongside the complex changes of technology and emerging threat actors. The paper recognises that technologies and development methods for safety do not work for security. Safety has the notion of a one or two event protection, but cyber-attacks are multi-event situations. The paper recognizes that the behaviour of interconnected systems and modern systems requirements for national sustainability. System security principles for sustainability of critical systems are considered in relation to failure, security architecture, quality of service, authentication and trust and communication of failure to operators. Design principles for operators are discussed along with recognition of human factors failures. These principles are then applied as the basis for recommended changes in systems design and discuss system control dominating the hierarchy of design decisions but with harmonization of safety requirements up to the level of sustaining security. These new approaches are discussed as the basis for future research on adaptive flexible systems that can sustain attacks and the uncertainty of fast-changing technology.

AB - This paper will show in detail the differences between safety and security. An argument is made for new system design requirements based on a threat sustainable system (TSS) drawing on threat scanning, flexibility, command and control, system of systems, human factors and population dependencies. Principles of sustainability used in historical design processes are considered alongside the complex changes of technology and emerging threat actors. The paper recognises that technologies and development methods for safety do not work for security. Safety has the notion of a one or two event protection, but cyber-attacks are multi-event situations. The paper recognizes that the behaviour of interconnected systems and modern systems requirements for national sustainability. System security principles for sustainability of critical systems are considered in relation to failure, security architecture, quality of service, authentication and trust and communication of failure to operators. Design principles for operators are discussed along with recognition of human factors failures. These principles are then applied as the basis for recommended changes in systems design and discuss system control dominating the hierarchy of design decisions but with harmonization of safety requirements up to the level of sustaining security. These new approaches are discussed as the basis for future research on adaptive flexible systems that can sustain attacks and the uncertainty of fast-changing technology.

UR - https://www.scopus.com/pages/publications/84938803271

U2 - 10.1109/ICNSURV.2015.7121213

DO - 10.1109/ICNSURV.2015.7121213

M3 - Conference Paper

SN - 9781479989522

VL - 13

SP - A4-1-A4-10

BT - ICNS 2015 - Innovation in Operations, Implementation Benefits and Integration of the CNS Infrastructure - Conference Proceedings

A2 - Schnell, Michael

A2 - Oishi, Roy

PB - IEEE, Institute of Electrical and Electronics Engineers

CY - New York NY USA

Y2 - 21 April 2015 through 23 April 2015

ER -

Kuntze N, Rudolph C, Brisbois B, Boggess M, Endicott-Popovsky B, Leivesley S. Security vs. safety: Why do people die despite good safety? In Schnell M, Oishi R, editors, ICNS 2015 - Innovation in Operations, Implementation Benefits and Integration of the CNS Infrastructure - Conference Proceedings: April 23-23 2015 Herndon, VA. Vol. 13. New York NY USA: IEEE, Institute of Electrical and Electronics Engineers. 2015. p. A4-1-A4-10. 7121276 doi: 10.1109/ICNSURV.2015.7121213

Security vs. safety: Why do people die despite good safety?

Abstract

Conference

Access to Document

Other files and links

Cite this