Architectures for Cyber-Security Incident Reporting in Safety-Critical Systems

Cyber-attacks can have a devastating impact on safety-critical systems. The increasing reliance on mass market Commercial Off-The Shelf (COTS) infrastructures, including Linux and the IP stack, have created vulnerabilities in applications ranging from Air Traffic Management through to Railway signalling and Maritime surveillance. Once a system has been attacked, it is impossible to demonstrate that malware has been completely eradicated from a safety-related network. For instance, recent generations of malware use zero day exploits and process injection with command and control server architectures to circumvent existing firewalls and monitoring software. This creates enormous problems for regulators who must determine whether or not it is acceptably safe to resume operations. It is, therefore, important that we learn as much as possible from previous cyber-attacks without disclosing information that might encourage future attacks. This paper describes different architectures for encouraging the exchange of lessons learned from security incidents in safety-critical applications.