Für die Optimierung dieser Website verwenden wir Cookies. Durch die weitere Nutzung stimmen Sie der Verwendung von Cookies zu: Cookies akzeptieren. Weitere Informationen finden Sie hier.
Bitte aktivieren Sie das Setzen von Cookies für diese Website.

Mitteilungen und Termine Vector Consulting Services GmbH

News & Termine

Vector Keynote at VDI Transmission/Drivetrain Congress (Bonn, 5. July 2017)

VDI Drivetrain - International Transmisson Congress

Vector keynote on Cyber Security

Date: Wed. 5. July 2017
Location: Bonn, Germany

Keynote: Risk-Oriented Security Engineering

Christof Ebert, Vector Consulting Services

Safety needs Security. Functional safety and cyber security are increasingly converging. Critical functions with back-end and cloud services require that safety is considered together with security. Functional safety requires cyber security, whether it comes to vehicles, medical technology and automation. Here are requirements for safety and thus a comprehensible with consistent and continuous Requirements Engineering at its center. The aim of the integrated development of Safety and Security is to develop functions that react as robust as possible on technical and human errors as well as external attacks and so limit the risk of hazardous situations to an acceptable level.

Risk-oriented security addresses security risk in a "best-possible" way, thus balancing the critical needs for robustness and hardening systems, while balancing cost trade-off. We orient our approach towards alignment with functional safety, thus combining principlesd of TARA with HARA and achieving a cost-efficient solution.

With risk-oriented security, safety-critical solutions are systematically developes and evaluated for functional safety and cyber security in parallel. Methodological procedures for ensuring consistency, traceability, verification, testing and modeling guidance should be applied together. Procedures such as "Common Criteria" in information technology can be extended for functional safety and specific applications - and are thus cost-reflective. A semiformal specification of safety and security requirements together with a suitable tool support helps to keep the complexity and expenses manageable.

Our presentation shows with practical industry experience of Vector and Hella how the dependencies and interactions between safety and security requirements in Safety-Security Engineering methodically and systematically be considered. First, we describe a practical approach to the safety requirements. We limit these excerpts deliberately to the creation of the security functional requirements, as the early stages are characteristic for the rest of the procedure. On this basis we integrate development for safety and security requirements. The advantages of an integrated safety and security engineering methodology are illustrated tool based on a specific example.

This presentation provides a good overview of the methodology and state of the art of Securty Engineering. Many lessons learned from practical help to transfer to your own environment. Come meet our Vector experts and discuss your chalenges.

Target audience:
Engineers, safety and security experts, architects, developers, project managers

Pre-Conditions:
Basic knowledge of Safety and Security

Benefits for audience:

  • Overview of the methodology and state of the art for safety- and security-oriented Engineering
  • Industrial experience from different sectors help to transfer in their own environment
  • Specific application examples and tips show the pitfalls as well as the methodology is implemented effectively.


Agenda:
1) Motivation, introduction to the topic and challenges
2) development of safety and security requirements
3) Interactive Case Study
4) examination and consistent implementation
5) practical example to transmission and drive-train
6) experiences, benefits and best practices
7) implementation in their own practice

Authors:

Christof Ebert is managing director at Vector. He helps companies worldwide to improve their product development and product strategy, and change management. Previously, he worked for ten years in international management positions, most recently with worldwide responsibility for software platforms. Prof. Dr. Ebert sits on various supervisory boards, teaches at the University of Stuttgart and Sorbonne in Paris, and is author of the German standard book "Systematic Requirements Engineering".

Read our white papers and experience reports on Safety and Cyber Security