Incorporating cybersecurity knowledge into safety accident investigation: An educational perspective.
This webinar outlines the latest research into which elements of a cybersecurity academic knowledge framework (CyBOK), see the background described below, can best be aligned with an industry-leading series of safety accident investigation postgraduate courses. The webinar will consider the trials used to explore the teaching of cybersecurity within a safety accident investigation training syllabus including the outline scenarios that can be used, the priority topics and the time limitations.
While the research is focused on teaching methods in this area, this webinar will be of wider interest to all those involved in integrating cybersecurity into their safety management considerations, including those involved in all aspects of training and development of skills and competencies in this emerging area.
To register for the webinar please click here.
The webinar will be presented by Dr Emma Taylor and joining Emma on the panel for the Q&A will be Lucia Capogna:
Emma Taylor CISSP CEng FIMechE FSaRS, Royal Academy of Engineering Visiting Professor in Digital Safety and Security. Emma is a past Board Chair of a professional engineering institution, a Trustee of the Safety and Reliability Society, and a member of the Department for Transport Science Advisory Council. Her work impacts multiple critical national infrastructure sectors including transport, energy and aerospace. An industrial engineer for more than 30 years, Emma is currently Head of Digital Safety at a VC-funded rail cybersecurity scale-up. Working with CNI regulators and NGOs, she leads cross-sector implementation of hybrid safety-cybersecurity across R&D, regulation and ISO, IEC and CENELEC standards, acting as a technical diplomat to create consensus. Emma is a 2018 Daily Telegraph Top 50 Women Engineer and has received a number of awards.
Lucia Capogna is a Computer Science Engineer (BSc) and System Engineer (MSc). She is the Cyber Security and Software Assurance Technical Lead and Team Leader in SYSTRA UK and Ireland and she has over 17 years of experience in software and cyber security in several industries. Lucia represents the UK in several CENELEC and IEC standardisation groups for the development of safety, cybersecurity and software Standards for Railway applications. Lucia’s experience makes her knowledgeable in both safety, software and cybersecurity and their interaction as well as their conflicts across a system lifecycle. Lucia is experienced in preparing and delivering training course on safety, software, cybersecurity and related standards including seminar and webinars for national and international events.
The webinar will start at 12:30 UK time and will last approximately 75 minutes.
Background
The increasing digitalisation and connectivity of Critical National Infrastructure (CNI) sector operation technology (OT) is blurring the lines between IT cybersecurity (well understood, broadly) and OT cybersecurity (specialist, with much legacy equipment). The latter is particularly relevant for safety in CNI, with rapid growth in remote access, provision of cloud-based services, complex supply chain and transfer of data and services from “on premise” to the cloud. The challenge of integrating the two disciplines is well recognised, bridging across legislation, regulation, frameworks and standards (eg IET CoP in safety and cybersecurity).
Accidents and near misses will not wait for things to clarify and the integration of disciplines to become more established. Accident investigators are therefore likely to be exposed to complex situations where the role of disruption of digital systems needs to be established as part of the investigation, including the role of cyber-related disruptions. Previous investigations (eg RAIB ERTMS Cambrian) have established the inherent challenges involved in these types of investigations. Failures are not immediately apparent nor root cause easy to discern.
In recent years a significant Body of Knowledge relating to cybersecurity (CyBOK) has been developed and there is now a need for safety accident investigators to be able to access and absorb this information. In view of this, work has been ongoing to develop strategies and pathways for identifying the optimum tailored teaching route for access, limiting time, aligning with core competencies and – most importantly – allowing for effective implementation in this emerging field.
The webinar will outline emerging best practice and highlight the challenges involving an integrated approach teaching across safety-cybersecurity, and provide some practical takeaways, including suggested case studies, that the audience can take and trial and will be applicable to accident investigation educators, accident investigators, cybersecurity specialists, safety managers and safety engineers.
These teaching methods are being further developed and the final results will be on the Cybersecurity Body of Knowledge (CyBOK) website later in the year.
This work is supported by the Royal Academy of Engineering’s Visiting Professor programme and CyBOK. CyBOK resources are free to use and available online
Starts
Tuesday, 16th July 2024 at 12:30pm
Ends
Tuesday, 16th July 2024 at 1:45pm