More Ancient Wisdom for the CyberPhysicalHuman World of Today

January 5, 2016
CyberPhysicalHuman: Post by Peter Sheingold, Bob Martin, Chris Folk, Emily Frye, and Bobbie Stempfley

What do the ancient Babylonian legal codes of Hammurabi, written almost four thousand years ago, and the city of London’s response to a fire in 1666 have to do with our modern CyberPhysicalHuman world? Although their policy prescriptions differed, Hammurabi’s legal counselors and London’s mid-17th century law-makers both recognized that human safety and reliability were fundamental considerations for designers and developers of infrastructure that had an impact in the physical world.

Under Hammurabi's code (a remedy we do not endorse), if a poorly constructed house collapsed and killed its owner, the builder could be put to death. London's response to the fire, which had destroyed most of the city, was a less severe alternative: a set of building codes. Among other requirements, the city mandated that the walls of new homes be built of brick or stone rather than timber.

A Holistic and Integrated Risk Perspective

The concepts of reliability and safety remain valid today, especially for CyberPhysicalHuman systems. To develop systems that are resilient, designers and developers should therefore take a holistic and integrated view of risk when building new devices and systems. That integrated perspective has to accommodate the enduring elements of the physical world that Hammurabi and 17th-century London's city planners would readily recognize, safety and reliability, alongside the elements that resonate with today's cyber defenders: confidentiality, integrity, and availability.

The traditional prioritization of these elements in an operational system has often differed from their prioritization in an information system. Consider availability. A designer of an information capability might assume that system availability, although important, is not necessarily mission critical; it may therefore seem reasonable to take an information system off-line to patch vulnerabilities on short notice. A designer of an operational system, however, would likely point out that availability is more than a consumer convenience: it is necessary for safety. For such systems, outages must be planned and scheduled in advance, and the compensating physical controls must be in place before the system goes down.

Similarly, physical safety risks are normally accounted for by the designer of an operational system, whereas user safety has not traditionally been a major concern for information technology. When an operational system is interconnected with information technology, it inherits the cyber-related risks of that technology, so the original safety assumptions, which were made for an isolated system, need to be reassessed.

Designers and developers should ask a broader set of trade-off questions as they design and build converged capabilities that could affect human life and safety. For CyberPhysicalHuman systems, safety and reliability must take their rightful place beside confidentiality, integrity, and availability. There is no single formula for this new balancing act, but the lack of a simple formula does not justify ignoring any of the five elements.

Recent frameworks intended to guide the development of new converged systems, such as the National Institute of Standards and Technology (NIST) Cyber-Physical Systems Public Working Group's "Draft Framework for Cyber-Physical Systems" and the Industrial Internet Consortium's "Industrial Internet Reference Architecture," are steps in the right direction. Both take a holistic view of risk that addresses information security and physical safety together.

Tying it Together Through Assurance

One way to bring these different elements together is through assurance. Assurance is not new to either the physical or the digital world; it refers to justified confidence that a physical device or a piece of software will perform as intended, grounded in some level of proof or evidence rather than in the vendor's say-so.

Historically, industries that must account for safety and reliability in the physical world have adopted far more rigorous assurance regimens, often backed by legal regulation, than is usually associated with software assurance. In plain terms, the level of assurance required to bring a nuclear power plant on-line is far greater than what is required to publish an app for a smartphone.

How then should we think about assurance in the CyberPhysicalHuman world? Our next post will explore this question.
