Title :
Adding Security Concerns to Safety Critical Certification
Author :
Nostro, Nicola ; Bondavalli, Andrea ; Silva, Nuno
Author_Institution :
Consorzio Interuniversitario Naz. per l'Inf., Univ. of Firenze, Florence, Italy
Abstract :
Safety-critical systems are those systems whose failure may lead to catastrophic consequences for users and the environment. Several methods, hazard analyses, and standards in different disciplines have been defined to assure that such systems are designed in compliance with safety requirements. The increasing presence of automatic control operations, the massive use of networks to transfer data and information, and human operations introduce new security concerns in safety-critical systems. Security issues (threats) not only have a direct impact on system availability, integrity and confidentiality, but can also influence the safety of safety-critical systems. Today, taking into account malicious actions, such as intrusion into communication and computer control systems, has become a critical and non-negligible step in the design and assessment of safety-critical systems. The paper describes a general methodology to support the assessment of safety-critical systems with respect to security aspects. The methodology is based on a library of security threats. These threats, identified during the work, have been mapped to the NIST security controls. Then, a preliminary representation of the library in the aerospace domain is shown through some simple examples, together with some considerations on the relation between security issues and safety impact as a valuable addition to the certification process for safety-critical systems.
Keywords :
aerospace computing; certification; safety-critical software; security of data; software standards; NIST security controls; aerospace domain; safety-critical system certification; security threats; software standards; system intrusion; Aircraft; Control systems; Libraries; NIST; Safety; Security; Cyber Threats; Safety; Safety-critical system; Security; Threats Library;
Conference_Title :
Software Reliability Engineering Workshops (ISSREW), 2014 IEEE International Symposium on
Conference_Location :
Naples
DOI :
10.1109/ISSREW.2014.56