IF IT IS NOT SECURE, IT IS NOT SAFE Why and how your organisation must make safety and security work together
Mike St. John-GreenTechnical Director - Method Cyber Security
Time & Location
Thursday: 12.30 to 12.45, Stage 3
About this pressentation
The first reported cyber-attack on a Safety Instrumented System demonstrates that systems important to safety need cyber security measures to avoid their safety arguments being invalidated. But there is a broader justification: cyber security risks arise as a direct result of the nature of networked digital technology, which renders existing safety analysis inadequate to mitigate those risks. Existing standards recognise that safety and security practices need to work together but detailed, procedural best practice is not yet mature. The paper reflects on why cyber security is such a challenge, why safety analysis does not automatically cover cyber security and what current guidance does tell us. It then identifies some specific areas where industry thought-leaders could share how they are dealing with this topic and the paper finishes with a question about the ethics of using of the most advanced networked digital technologies in systems that are important to safety. In considering these topics, the paper draws broadly on experiences in civil nuclear and hazardous industries, where networked digital technology is being adopted for pressing commercial reasons.
Mike StJohn-Green has over forty years’ experience in the security sector having spent 39 years in UK government, at the MOD, GCHQ and then in the Office of Cyber Security and Information Assurance in the Cabinet Office. While in the Cabinet Office, he contributed to the first and second national cyber security strategies. His roles in GCHQ included deputy director CESG, the Information Assurance arm of GCHQ and predecessor to the NCSC. Since retiring from government in 2013, Mike has worked with private and public sector organisations worldwide, ranging from the finance sector in the City of London to national defence and critical infrastructure, as a cyber security subject matter expert. In 2014, he wrote the Commonwealth countries’ guidance for writing national cybersecurity policies, including guiding principles for the responsible use of cyberspace. He works with the International Atomic Energy Agency, IEC, UK’s IET and other well-known standards organisations. For the past few years, Mike has been focusing on improving the cyber security of industrial control systems in safety critical systems and in the critical national infrastructure, working with operators and regulators of high hazard sites in the UK to meet the requirements of the NIS Directive. A frequent speaker and writer, Mike co-authored a book on Cyber Resilience in 2015. He is a Chartered Engineer and a Fellow of the IET and became an Honorary Fellow of the University of Warwick in 2014.