Code of Practice: Cyber Security and Safety

The implementation of effective cyber security will, in general, require modification of safety-related systems and current procedures throughout their lifecycle.

A close interaction between respective engineers is therefore vital. However, teams responsible for safety and cyber security are often in different parts of an organization.

In many organizations, the governance of the combined risk only comes together at a point of such seniority that the technical competence and capacity for detail may be inadequate to ensure that the teams work together effectively.

Consequently, the combined risk to the enterprise is not always fully comprehended. Any divergence or conflict between safety and security goals requires the business to make a conscious decision on how to proceed.

The aim of this Code is to help safety-related system practitioners manage cyber security vulnerabilities that lead to hazards.

It does this by setting out principles, based on a systems engineering approach, which, when applied, will improve the interaction between the disciplines of functional safety and cyber security, which have historically been addressed as distinct activities.