Tools and techniques for reporting and analysing the causes of cyber-security incidents in safety-critical systems

Incident reporting is a component of safety management systems across many industries. Their perceived success has led to the development of similar approaches in cyber security; information about previous attacks can be used to identify wider vulnerabilities and to inform future threat assessments. However, it can be difficult to integrate safety and security reporting within a single system. For example, in safety reporting systems the aim is often to disseminate lessons as widely as possible. In cyber security, there is a concern that this might motivate and inform further attacks. This paper identifies the challenges that arise in developing reporting schemes for security incidents in safety-critical applications. In particular we focus on the problems of implementing intrusion detection systems and coordinating forensic analysis without undermining system safety. These problems are exacerbated because existing cyber-security reporting guidelines focus more on office based systems than complex, command and control applications.