1 minute read
2.5 Security vs Safety
2.5 SECURITY VS SAFETY While the terms “safety” and “security” tend to be used interchangeably in informal situations, they have acquired specific meanings51,52 in the domain of Information Security.
Safety is the condition of a system operating without unacceptable risk of physical injury or damage to the health of people, either directly, or indirectly as a result of damage to property or to the environment. (IEC)
Computer security, cybersecurity or IT security is the protection of computer systems from theft or damage as well as disruption or misdirection of the services they provide. (Wikipedia)
Safety measures focus on preventing losses due to unintentional actions by benevolent actors, while security measures emphasise the prevention of losses due to intentional actions by malevolent actors53. Security threats, as described in the previous section, tend to be rooted in malicious intentions, typically deriving from crime, terrorism, geo-politics or hacktivism, and they evolve over time, meaning that there should be a continuing strategy to react, adapt and defend against these threats. Safety hazards, on the other hand, are typically accidental and stem from environmental situations or human error.
Having said that, many security threats can lead to safety losses – indeed, the fact that IoT devices are closely integrated with the physical world54 increases the likelihood of a malicious attack cascading into a significant safety loss.
51 https://www.iec.ch/functionalsafety/explained/ 52 https://en.wikipedia.org/wiki/Computer_security 53 Inside Risks: An Integrated Approach to Safety and Security Based on Systems Theory, Young and Leveson, Communications of the ACM, Feb 2014 54 https://www.iotsecurityfoundation.org/safety-security/ 23
