Evaluating the impact of cyber security and safety with human factors

Author: Eylem Thron
Day: Aspect Day One
Session: Cyber Resilience

Railway safety and security are typically treated as two independent engineering concepts, but there is now a recognition that cyber security introduces new threats which directly or indirectly affect human life. Rail technology is engineered from a safety perspective and is subject to independent assurance. However, in the same way that a passenger's or driver's view of a system differs from that of an accreditor, attackers view rail systems and their vulnerabilities differently. Similarly, human and task characteristics that seem benign from a safety perspective might be manipulated from a security perspective, leading to attacks that compromise both. This raises the question of how cyber security can be better designed and assessed as part of the implementation of railway projects, while accounting for human factors.

To illustrate the impact of security on safety, we consider the example of a Polish tram incident in 2008, where a teenager converted a TV remote control into an infrared transmitter. This activated rail switches and redirected trams, leading to tram derailments and emergency tram stops which posed a serious threat to the safety of passengers and railway staff. Although a well-known incident used by some as an unwarranted appeal to fear, it does highlight the need for rail infrastructure, and the people who maintain it, to remain resilient in the face of emerging threats and unintended consequences. One vehicle for obtaining this resilience is a better understanding of the relationship between induced errors (latent failures) and anticipated errors on the one hand and security concepts on the other.

Risk is an important concept shared by safety and security engineering. It portrays the impact of a potential loss of human safety and cyber security on railway systems, and acts as a boundary object for exploring the impact of changes to safety, security, and human factors elements of system design.

In this paper, we present the interdependencies between safety, security, and human factors engineering concepts, and show how they can be used to explore the impact of design changes on risk. We illustrate how the open-source CAIRIS (Computer Aided Integration of Requirements and Information Security) platform can model the security and usability elements of the Polish tram incident to identify root-cause safety and security problems related to human error.