Environmental Engineering Reference
of security assessment for information technologies and determines a general technique of the assessment, being a basis for assessment of security features of information technologies. Furthermore, the interconnection of high-level security concepts is provided, and the interconnection of security assessment concepts is also reflected.

Moreover, the standard introduces requirements for the structure and content of security functional components for security assessment. A catalogue of functional elements, meeting general requirements of security functionality for many products in the information technology field, is provided.

Therefore, the standard is a set of criteria that allows performing security assessment of information technologies.

Nowadays the problem of cyber security assessment and assurance for safety important I&C systems, especially in the context of the technologies used, is not comprehensively solved due to several objective reasons. One such reason is insufficiently structured regulatory documents, both local and international: there is no special branch standard that covers cyber security aspects of FPGA-based critical I&C systems. Moreover, there are no strict interdependencies between the above regulatory documents, their coverage is insufficient, and the problem of their “branch customization” is still challenging.

Therefore, it is possible to conclude that existing regulatory documents represent an evolving area of regulatory requirements, try to cover the intended areas without sufficient consideration of related ones, and should be more detailed in terms of appropriate approaches and their relationship with the technologies.

SAFETY AND SECURITY CONCEPTS FOR I&C SYSTEMS

Nowadays safety important systems are widely used by the world industry in various areas in the form of I&C systems for NPPs, on-board computer-based systems, electronic medical systems, etc. Moreover, FPGA technology is now becoming a trend in the implementation of safety important systems, which inevitably leads to new challenges in various aspects of the design, operation and maintenance of such systems, requiring new approaches, techniques and appropriate requirements.

The objective of this subsection is to provide a review of practical problems concerning safety and cyber security in modern I&C systems, including those based on FPGA technology. The review also covers threats related to trojans in hardware and tools (in particular, in FPGA chips and the design tools used in development of I&C systems for critical applications), which can affect the functionality of hardware, as well as possible countermeasures to such threats.

Safety and Security Aspects

One of the most important attributes of safety important systems is dependability. Dependability of a system is the ability to deliver required services (or perform functions) that can justifiably be trusted. Dependability is a complex attribute of a safety important system that can be represented by a set of primary attributes, including:

Reliability: Continuity of correct (required) services.
Availability: Readiness for correct services.
Survivability: Ability to minimize loss of quality and to keep capacity of fulfilled functions under failures caused by internal and external reasons.
Safety: Absence of catastrophic consequences for the user(s) and the environment.
Integrity: Absence of improper system alterations.
Confidentiality: Absence of unauthorized disclosure of information.