SAFETY VS. SECURITY?

Abstract

The concepts of safety and security have a lot in common, but nevertheless two faculties have developed with a certain degree of rivalry between them. Security people maintain that the safety people are just a gang of old men who are unwilling to learn something new; the safety people retaliate that the security people are youngsters who haven't realized that they're re-inventing the wheel! Certainly there is a communication problem between the two groups: each has developed its own vocabulary for similar - or even identical - concepts, which at least produces confusion. In this paper, some of the common properties and differences between terms and techniques in the two communities are discussed with the aim of reconciling potential conflicts and exploring potential for cooperation, convergence and mutual benefits. We concentrate on the context of information technology, i.e. safety-related software and information security.

The underlying concepts of safety and security are indeed not identical; they're complementary. In both cases we have a "system" in an environment. The system might be able to have an undesirable effect on its environment, but the environment can equally well have an undesirable effect on the system. The inability of the system to affect its environment in an undesirable way is usually called safety; the inability of the environment to affect the system in an undesirable way is usually called security. Depending on the type of system, its environment and the types of undesirable effects one can have on the other, we get a multitude of definitions for safety and security. While safety-related software aims at protecting life, health and the natural environment from any damage the system may cause, within information security the main goal is to protect the confidentiality, integrity and availability of information in the system.

Safety focuses on unintentional events, while security also focuses on threats coming from outside the system, often caused by malicious parties. These differences result in different foundations for prioritizing solutions. A closer cooperation between safety and security experts will cover both unintentional and intentional events. When analyzing the risks for an IT system one should focus on the whole picture - including both safety and security, not just one or the other. By doing so one obtains a complete overview of potential threats/hazards towards a system.

The techniques used in software safety have been around for quite some time and are well established and tested. Some of these techniques may also be useful for security people, who may thus benefit from the experiences of the safety community. On the other hand, there are also security techniques that will become significant for the safety community. For example, in the near future we will see more use of open communication networks for remote control of industrial and transportation applications. When vitally important commands are transmitted through such open networks, security techniques such as encryption and access control will become indispensable for safety. Security techniques will have to become an integral part of safety thinking.

Software safety and information security are not separate issues. Information security breaches can compromise the ability of software to function safely, or they can enable misuse of safe software in an unsafe way. Safety breaches can make information security impossible. As such, both sides stand to benefit from closer cooperation. To enable cooperation one needs to reach an agreement on which terms to use and how to interpret them, and also on what techniques to use. Although the safety field has a longer track record, to be able to cover both aspects one needs to adopt techniques from both fields - or possibly merge existing techniques or create new ones.