1

SATURN 2017

Title of the Presentation Goes Here© 2017 [Copyright Owner[s]]Safety & Security in Mission Critical IoT Systems© 2017 Einar Landre

Safety & Security in Mission Critical IoT SystemsEinar Landre, Statoil

2

SATURN 2017

Title of the Presentation Goes Here© 2017 [Copyright Owner[s]]

Statoil

3

SATURN 2017

Title of the Presentation Goes Here© 2017 [Copyright Owner[s]]

Dependence driven criticalityNon Critical Business Critical Mission Critical Safety Critical

Useful system• Low dependency• System does not need

to be trusted

High availability• Cost of downtime,

spares, repair and warranty claims

High reliability• Increase the

probability of failurefree operation for a specific time in a given environment for a given purpose

High safety and integrity• High reliability• High availability• High security• Focus is not on cost,

but on preserving life and nature

Software criticality

4

SATURN 2017

Title of the Presentation Goes Here© 2017 [Copyright Owner[s]]

A tale of things

- Loss of life- Loss of trust- Loss of business- Environmental damage- Lawsuits & Bankruptcy

1995: Things run by humans

Troll A, 472 meters, the largest man made “thing” ever moved

2015: Things run on software

Asgard subsea compression

2025: An Internet of collaborating Things

The subsea factory

5

SATURN 2017

Title of the Presentation Goes Here© 2017 [Copyright Owner[s]]

Replacing old vulnerabilities with new challenges

Loss of life Loss of trust Loss of business Environmental damage Lawsuits Bankruptcy

When critical systems fail

Mitigating human weakness with Intelligent Machines

Machine learningSignal processingReasoningAutomated planningCognitive computing

how to createtrustworthy software?

6

SATURN 2017

Title of the Presentation Goes Here© 2017 [Copyright Owner[s]]

Some specific software challenges

Common mode failure

Malware, viruses and hacking

Humans make mistakes

Blurred boundaries

7

SATURN 2017

Title of the Presentation Goes Here© 2017 [Copyright Owner[s]]

The means

Design ThinkingHolistic DesignArchitecture centric

Systems Engineering Process

IEC 61508 Functional Safety instrumented systemsDO-178C Software considerations for airborne systemsIEC 61511 Safety Instrumented systems for process industry

StandardsEvidence based verification

8

SATURN 2017

Title of the Presentation Goes Here© 2017 [Copyright Owner[s]]

SummaryIoT is more about software than tings• Network of non-critical things become criticalSoftware support humans in critical tasks• 2nd and 3d order failure effects must be

addressed upfront• Mirroring cognitive functions make software

more complexArchitecture centric Systems Engineering• Forge design thinking with high-integrity

systems practice

9

SATURN 2017

Title of the Presentation Goes Here© 2017 [Copyright Owner[s]]Title of the Presentation Goes Here© 2017 [Copyright Owner[s]]

SATURN 2017

Thank you