Safety vs. Security in SCADA Systems

Before joining Wurldtech and becoming immersed in the field of industrial cyber security, I never gave much thought to the differences between the concepts of safety and security. There was an intuitive understanding: I knew what each term meant and when it was appropriate to use one over the other. However, upon entering our industry, the line between these two previously distinctive terms became blurred. Talk of concepts such as functional safety, functional security, safety integrity levels, and security assurance levels caused me to question not only how the two words were different with respect to industrial automation, but also how the terms differed fundamentally.

To try to clarify the fundamental difference between the two terms, let’s take a look at their dictionary definitions. The first definition for safety on dictionary.com is “the state of being safe; freedom from the occurrence or risk of injury, danger, or loss.” For security it is “freedom from danger, risk, etc.; safety.” These two definitions confirm what we already know: safety and security are closely intertwined; the purpose of security is to ensure safety. The unique aspects of security come to light in subsequent definitions: “something that secures or makes safe; protection; defense” and “precautions taken to guard against crime, attack, sabotage, espionage, etc.” These two definitions imply two fundamental components of security:

  1. There is the presence of an external agent that wishes to actively and purposefully harm the target.
  2. Security is an active concept. An action must be taken or a condition must be satisfied to combat the external agent and to ensure the safety of the target.

Well-known security measures such as bank security guards, encryption, and a shotgun all satisfy the above requirements. Now, let’s see how these two criteria relate to safety.

  1. Many external agents can actively impact a target’s safety: incoming traffic, a falling boulder, etc. However, a traffic accident is considered a safety incident and not a security incident because the other driver had no desire to cause the accident. It is this absence or presence of malicious intent that is the most effective means of differentiating between a security incident and a safety incident.
  2. Active measures are not necessary to ensure safety. If there is no attacker, then no safety measures need to be taken for something to be considered safe. For instance, residents of Vancouver, British Columbia are, for the most part, safe against lion attacks, despite the absence of any specific anti-lion measures. For security, however, the absence of security measures means, by definition, that whatever is being protected is insecure. For example, consider an unlocked car left unattended in a virtually crime-free community. It is probably safe, but it is most certainly insecure.

In summary, for there to be security, there must be both an agent actively wishing to harm a target and some active protection mechanism employed by the target to combat the agent.

The fundamental differences between safety and security are apparent in how each is practiced in industrial automation. Safety is quantifiable and primarily concerned with reliability. There is no consideration of an external attacker. The level of safety is communicated through Safety Integrity Levels (SILs), with each level representing a minimum probability of failure. Cyber security, on the other hand, is not as quantifiable due to the difficulty (impossibility?) in measuring the probabilistic actions of an unknown external agent. Whereas safety is measured, security is assessed. Is there a firewall? Are there vulnerable services running on the device? How does the device handle malformed traffic? Security Assurance Levels (SALs), the security equivalent of SIL, embody the qualitative nature of security. SALs do not represent probabilities, but rather depend on the type of security mechanisms in place.

Hopefully this discussion has provided some clarity to the reader in differentiating between these two different, but closely related, concepts. For a more extensive examination of security vs. safety, I encourage you to examine this article from Automation World.