SATURN 2017
Safety & Security in Mission Critical IoT Systems
Einar Landre, Statoil
© 2017 Einar Landre
Software criticality: dependence-driven criticality

Non Critical: useful system
• Low dependency
• System does not need to be trusted

Business Critical: high availability
• Cost of downtime, spares, repair and warranty claims

Mission Critical: high reliability
• Increase the probability of failure-free operation for a specific time in a given environment for a given purpose

Safety Critical: high safety and integrity
• High reliability
• High availability
• High security
• Focus is not on cost, but on preserving life and nature
A tale of things

1995: Things run by humans
Troll A, 472 meters, the largest man-made "thing" ever moved

2015: Things run on software
Asgard subsea compression

2025: An Internet of collaborating Things
The subsea factory

When things fail: loss of life, loss of trust, loss of business, environmental damage, lawsuits & bankruptcy
Replacing old vulnerabilities with new challenges

When critical systems fail: loss of life, loss of trust, loss of business, environmental damage, lawsuits, bankruptcy

Mitigating human weakness with intelligent machines: machine learning, signal processing, reasoning, automated planning, cognitive computing

How to create trustworthy software?
Some specific software challenges
• Common mode failure
• Malware, viruses and hacking
• Humans make mistakes
• Blurred boundaries
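As an added illustration of the first challenge (example code written for this page, not part of Einar Landre's slides or any Statoil system): a two-out-of-three (2oo3) trip voter for a pressure sensor. When all three channels share the same conversion routine, a single defect in that routine produces the same wrong reading on every channel, the vote is unanimous, and redundancy buys nothing. With one independently written channel plus a discrepancy check, the disagreement is detected and the system fails safe. The thresholds, the scaling, the raw counts and the defect itself are constructed for the example.

```python
"""Added example, not part of the slides: a 2oo3 trip voter showing how a
defect shared by all three channels (common mode failure) defeats redundancy,
and how a diverse channel plus a discrepancy check exposes it. Thresholds,
scaling, raw counts and the defect are constructed for illustration."""
from dataclasses import dataclass
from typing import Callable, List

TRIP_BAR = 150.0         # constructed: trip when pressure reaches this value
DISCREPANCY_BAR = 5.0    # constructed: max tolerated disagreement between channels
FULL_SCALE_BAR = 300.0   # constructed: raw count 0xFFFF corresponds to 300 bar


def convert_signed(raw: int) -> float:
    """Flawed conversion: interprets the 16-bit ADC count as signed, so every
    count above 0x7FFF (the upper half of the pressure range) wraps negative."""
    if raw & 0x8000:
        raw -= 0x10000
    return raw * FULL_SCALE_BAR / 0xFFFF


def convert_unsigned(raw: int) -> float:
    """Independently written conversion covering the full unsigned range."""
    if not 0 <= raw <= 0xFFFF:
        raise ValueError(f"raw count {raw:#x} out of 16-bit range")
    return raw * FULL_SCALE_BAR / 0xFFFF


@dataclass
class Verdict:
    trip: bool
    reason: str
    readings: List[float]


def vote_2oo3(channels: List[Callable[[int], float]], raw_counts: List[int]) -> Verdict:
    """Trip if at least two channels read at or above TRIP_BAR. Any channel that
    deviates from the median by more than DISCREPANCY_BAR is treated as a fault
    and the system goes to its safe (tripped) state."""
    if len(channels) != 3 or len(raw_counts) != 3:
        raise ValueError("2oo3 voting needs exactly three channels and three counts")
    readings = [conv(raw) for conv, raw in zip(channels, raw_counts)]
    median = sorted(readings)[1]
    if any(abs(r - median) > DISCREPANCY_BAR for r in readings):
        return Verdict(True, "channel discrepancy, fail safe", readings)
    votes = sum(r >= TRIP_BAR for r in readings)
    return Verdict(votes >= 2, f"{votes}oo3 above trip", readings)


# Constructed scenarios: the same overpressure (raw 0x9000, about 169 bar) seen by
# three identical flawed channels, and by two flawed plus one independent channel.
IDENTICAL = [convert_signed, convert_signed, convert_signed]
DIVERSE = [convert_signed, convert_unsigned, convert_signed]
OVERPRESSURE = [0x9000, 0x9000, 0x9000]
NORMAL = [0x4000, 0x4010, 0x3FF8]   # about 75 bar with a little sensor noise


if __name__ == "__main__":
    for name, chans in (("identical", IDENTICAL), ("diverse", DIVERSE)):
        v = vote_2oo3(chans, OVERPRESSURE)
        rounded = [round(r, 1) for r in v.readings]
        print(f"{name:9s} channels: trip={v.trip} ({v.reason}) readings={rounded}")
```

With identical channels the three readings agree on a negative pressure and the voter reports 0oo3 above trip, so the overpressure goes undetected; with the diverse set the unsigned channel disagrees by more than the tolerance and the voter fails safe. Note that diversity alone is not enough here: a plain 2oo3 vote over the diverse set would still see only one channel above the trip point, so the discrepancy check is what turns the disagreement into a safe action.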
The means
• Design thinking, holistic design, architecture centric
• Systems engineering process
• Standards:
  IEC 61508 Functional safety of electrical/electronic/programmable electronic safety-related systems
  DO-178C Software Considerations in Airborne Systems and Equipment Certification
  IEC 61511 Functional safety: safety instrumented systems for the process industry sector
• Evidence based verification
Summary
IoT is more about software than things
• A network of non-critical things becomes critical
Software supports humans in critical tasks
• 2nd and 3rd order failure effects must be addressed upfront
• Mirroring cognitive functions makes software more complex
Architecture centric systems engineering
• Forge design thinking with high-integrity systems practice
Thank you