Registration

Please register for this event using the following link.

Abstract

Most cyber security research cannot easily be applied to safety-critical transport applications. As a trivial example, it is (almost) impossible to gain regulatory approval for intrusion detection systems (IDS) within safety-related control systems. Many of these IDS rely on AI/machine learning, which is not approved within existing software safety standards such as IEC 61508 and arguably DO-178C.

How can you prove that a program is safe when its behaviour is influenced by future training sets? And if you can, how would you respond to an alert in the Flight Data Processing Systems in Heathrow? You cannot switch the system off and do a forensic analysis with dozens of aircraft in the sky. If you continue to operate, you may endanger safety by ignoring evidence that you have software of unknown provenance in your networks. Existing security standards, including the ISO27k series, are equally hard to apply.

In many aircraft, the firmware of programmable components is not patched because of the costs associated with additional safety verification and validation. This raises a dilemma: would you leave them unpatched with known security vulnerabilities, or update them, incurring significant additional cost AND running the risk of transferring malware to the devices with the update?

This talk will provide a broad introduction to the cybersecurity of safety-related transport systems and provide some initial solutions.

Speaker

Chris Johnson is Professor and Head of Computing at the University of Glasgow. His work focuses on the intersection between cyber security and safety-critical systems, particularly in aviation. He has held two fellowships from NASA and two fellowships from the US Air Force working with Langley AFB and Space Command. He was the only academic member of the UK Dept of Transport cyber risk assessment teams in aviation and the maritime sectors reporting to the Cabinet Office. He helped write the business continuity case for Schiphol airport (2015) and is working with Aeroports de Paris/Helios (2016) on the cybersecurity of Airport Operations Centres. He also worked with the US government Pacific North Western Labs and the UK National Nuclear Laboratory under contract to the United Nations supporting the cyber security of Chemical, Biological, Radiological and Nuclear facilities around the globe. He has some 300 peer-reviewed publications.

A copy of the presentation will be uploaded after the seminar.