- This event has passed.
Safety Integrity vs Cybersecurity Assurance Levels
November 18, 2021 @ 18:00 - 19:30 CET
Security and safety levels are needed due to two reasons: they are not binary attributes, where a system can be either safe or unsafe, or secure and un-secure, and also due to increased product complexity and costs associated with it, which requires different degrees of engineering effort.
From cross-industry SILs (Safety Integrity Levels) to Automotive SILs (ASILs), through military DALs (Development Assurance Levels), the integrity/assurance levels reflect different degrees of scrutiny to be applied during all development phases and are meant as a tool, as a convention, to refer to the same minimum set of engineering practices among different stakeholders, within same industry
In functional safety, they can be relatively easy bound to a risk, however cybersecurity risk is harder to estimate, since is more un-predictable. In order to address this issue, newly published ISO 21434 provides recommendations on a classification scheme, similar to ASILs, based on “Cybersecurity Assurance Levels”.
Methods are recommended along the same lines as in ISO 26262, without addressing post-production phases or referring to any specific technical security recommendations or different types of security strengths.