Code of Practice for Cyber Security and Safety in Engineering
The Institution of Engineering and Technology has published a Code of Practice with the support of the NCSC.
A Code of Practice to help the engineering sector implement effective cybersecurity has been published.
The Code, developed by the Institution of Engineering and Technology with input from the NCSC, sets out a series of principles designed to ensure safety and cybersecurity teams work together effectively to address the threat of cyber attacks.
This Code of Practice is written for engineers and engineering management to support their understanding of the issues involved in ensuring that the safety responsibilities of an organization are addressed in the presence of a threat of cyber attack. “If it’s not secure, you can’t be confident it’s safe.”
The implementation of effective cybersecurity will, in general, require modification of safety-related systems and current procedur
A close interaction between respective engineers is therefore vital. However, teams responsible for safety and cybersecurity are often in different parts of an organization.
In many organizations, the governance of the combined risk only comes together at a point of such seniority that the technical competence and capacity for detail may be inadequate to ensure that the teams work together effectively.
Consequently, the combined risk to the enterprise is not always fully comprehended. Any divergence or conflict between safety and security goals requires the business to make a conscious decision on how to proceed.
The aim of this Code is to help safety-related system practitioners manage cybersecurity vulnerabilities that lead to hazards.
It does this by setting out principles, based on a systems engineering approach, which, when applied, will improve the interaction between functional safety and cybersecurity, two disciplines that have historically been addressed as distinct activities.