There are several reasons for that:
- Best practises for cyber security in many cases are contradicting best practises for system safety. One example is the practise to implement software security patches in a timely manner after vulnerabilities get published, which is contradicting the safety best practise of keeping a thoroughly tested and documented system unchanged until a new formally verified and documented release is installed.
- Technical systems often have a lifetime of 15 or even 20 years, containing components which were developed long ago and don’t support software hardening well. Other measures must be found to make the system acceptably secure.
- Security is not a static property of a technical system, it is a quality, which must be managed day-by-day with a focus on systems, processes and staff. For safety-relevant services the handling of exceptions adds additional challenges: Often, “fail safe” contradicts “fail secure”.
The demand for solutions to integrate security concepts into safety defines one of the research focus of Frequentis together with its end-user partners, research partners and industry partners. It comprises: integrated safety & security system architectures and design patterns, hardware based solutions for the separation of security zones, encryption of critical real-time media streams (such as voice, video, sensor data) and hardening of system components.
In addition to the providers of safety relevant services, organisations responsible for national cyber crisis management and cyber defence are getting new, overarching responsibilities on a national level by new legal provisions. They are responsible for defending the vital infrastructures and for managing crisis situations in case of an attack with severe consequences.
As control room vendor for many different domains in the physical world, Frequentis is transforming its experience now into the cyber space. Together with selected customers, specialised research and industry partners, the company focus is on research of solutions for national cyber crisis management and defence, covering overarching situational awareness, decision support and incident management for the protection of vital infrastructures. With that agenda we contribute to the EU H2020 Project SATIE that focuses on cyber security and physical security at airports.