Safety & Security

Functionally safe products must also be protected against cyber risks, and normative specifications define how. This in-depth page deals with the combination of safety and security, each of which is covered on its own dedicated page.

For industrial applications, the recently published IEC TR 63074 describes which security measures are necessary to ensure safety. The report is to be understood as a link between the central safety standard IEC 61508 and the equally central security standard IEC 62443.

For medical technology, the German BfArM has made it clear: "Manufacturers and operators must pay more attention to IT security of networked medical products: Cybersecurity is an essential prerequisite for medical device safety and patient protection."

Engineering Services

In addition to the normative requirements, the product definition should take into account that a higher security level (SL) in a component such as a control system reduces the number of protective measures that external components must provide. Because system-level considerations always require intensive coordination with the end user, embeX advises on the cost-benefit analysis of stronger security safeguards within the component itself, which can make additional system components, and the coordination they entail, unnecessary.

The certified embeX development process covers both safety and security requirements and is made available to customers for adoption on request. embeX is already developing sophisticated products for certification to SIL 3 and SL 4.

On the one hand, synergies arise in the development of safe and secure products, as both disciplines place high demands on development diligence and on predictable behaviour. On the other hand, the balance between the many conflicting objectives of the two disciplines must be worked out on a project-specific basis.

Balancing Safety and Security Requirements

Aspect                    | Safety                              | Security
--------------------------|-------------------------------------|-------------------------------------
Norm                      | IEC 61508 (SIL 1-4)                 | IEC 62443 (SL 1-4)
Description               | Complete, detailed and static       | Dynamic description in categories
Source of damage          | System                              | Internal & external
Threat analysis           | Failure                             | Vulnerability
Target                    | Constant safety function            | State-of-the-art security
Temporal development      | One-time development                | Regular reassessment and improvement
Availability              | Only required with active safety    | Depending on threat
System usability          | High                                | If required: limited
Standardisation           | No, to avoid common-cause failures  | Yes, to minimise weaknesses
Coding style              | Well readable                       | Constant speed
Updates                   | To be avoided                       | Required
Reaction time for updates | Months                              | Typ. 1-90 days

Standards and Directives

We work according to the following guidelines and standards:

  • IEC TR 63074: “Security aspects related to functional safety of safety-related control systems”
  • IEC TR 63069: “Industrial-process measurement, control and automation - Framework for functional safety and security”
  • Medical Device Certification Group: MDCG 2019-16: “Guidance on Cybersecurity”
  • FDA guidance documents:
    • “Premarket Submissions for Management of Cybersecurity in Medical Devices”
    • “Postmarket Management of Cybersecurity in Medical Devices”
  • IEC 50159: “Railway applications. Communication, signalling and processing systems. Safety-related communication in transmission systems”

Who to contact


Dr. Kai Borgwarth

Head of Marketing and Sales

Phone: +49 761 479799-677
Mobile: +49 151 4223 2542
k.borgwarth@embeX.de
