Safety and Security - Required for systems you have to trust
Security cannot be retrofitted into an existing industrial or even medical networked embedded system. Once a weak point becomes known - or, even worse, is already in the press - retrofitted measures against manipulation or sabotage are only an expensive attempt to mask a gap, and rarely a real solution. If the system is already running, it is too late to rework its architecture.
Security must be given the same consideration as functional safety: it must be addressed from the very beginning of the product's lifecycle and kept at the state of the art until the very end of it.
Risk management needs to provide measures that recognize, prevent and correct security breaches. What are the major differences from the well-known principles of functional safety? What will be the main challenges for suppliers of industrial and medical devices in the future?
In this presentation, we will look at the different approaches to safety and security based on a case study, and develop an initial sketch of a security action plan. The use case shows a typical system for continuous perfusion of liquid drugs in a networked environment. It is used to present the challenges of potentially harmful medical products.