Search Results

This chapter looks at the current state of physical systems controlled by an onboard computer. Typically this covers transportation systems such as cars, aircraft, railway systems, space systems, or even medical devices, all of them either for the expected harmfulness for people, or for the huge cost associated with their failure. The chapter shows how the increase of computer use in those systems has led to huge benefits, but also an exponential growth in complexity. Furthermore, the drawback of this massive introduction of computers to control systems is the lack of predictability for both computer and software. This chapter shows how the aerospace industry, and more generally critical embedded systems industries, is now facing a huge increase in the software size in their systems. This in turn creates a greater system complexity increase because of safety or performance objectives. Moreover, this complexity leads to the need to integrate even more advanced algorithms to sustain autonomy and energy efficiency.

The question “How do I assess our cyber risk?” addresses how to identify and characterize cyber risk unique to an organization’s critical systems, networks, and data. The chapter begins with a case study about a cyberattack on Ukraine’s electric grid. It details risk assessment for three types of critical systems: mission-critical systems, business-critical systems, and safety-critical systems. It explains the three types of networks critical to many organizations: business and administrative networks, operational and service delivery networks, and communication networks. In outlining the “CIA triad,” it shows how cyber risk can be characterized as a confidentiality, integrity, or availability issue relating to digital assets. Further, it describes how to assess the importance of different digital assets and how to prioritize them using a business impact analysis (BIA). The chapter concludes with real-world Embedded Endurance strategy lessons Rosenbach gained in Saudi Arabia in the wake of one of the world’s most destructive cyberattacks.

This chapter expands the discussion of how time and scale interact with risk when managing infrastructures for reliability. The whole cycle of infrastructure operations ranges from normal to disrupted, restored, failed, recovered, and new normal. Risks vary by the stage of the cycle, and each stage is managed for reliability differently. Thus, a disruption in one infrastructure of an ICIS requires not only zooming down to determine root causes but also zooming up to determine its impact on the entire infrastructure as a system and zooming across to determine how these impacts affect infrastructures interconnected with it. Two examples-the 2010 San Bruno gas explosion and the major nexus of infrastructure on an island in the Delta-illustrate how risk analysis is to be undertaken in the ICIS setting.

This chapter gives a brief overview of some formal methods and their use in the context of critical embedded systems development. While testing is a common practice for a lot of engineers as a way to evaluate whether the program they developed fulfills its needs, formal methods are less known and may require a little introduction to the non-expert. This chapter thus serves as a reasonable introduction to the control expert engineer. It first defines the semantics of programs: their basic properties and their meaning. Then, the chapter outlines different formal verifications and explains how they reason on the program artifact. A last part addresses the soundness of the analyses with respect to the actual semantics.

The question “How do I embed cyber risk management in all aspects of the organization?” addresses how to adopt an Embedded Endurance cyber risk strategy in your day-to-day work as a cyber leader. The chapter begins with a case study about the NotPetya cyberattack, which highlights ongoing challenges in cyber insurance and illuminates the need for embedding cyber mitigation measures across all prioritized critical systems, networks, and data. The chapter describes how to develop an Embedded Endurance cyber risk strategy that is customized for your organization. This chapter walks readers through the key elements of a cyber strategy, from start to finish. This includes defining a risk framework, setting strategic goals, identifying metrics, and establishing strong leadership. The chapter concludes with experiences highlighting the real-world importance of an Embedded Endurance cyber risk strategy from Rosenbach and Falco.

This chapter responds primarily to a recent criticism of Kant by Stephen Houlgate. Like many other recent Hegelian accounts, Houlgate’s severe critique of Kant’s theoretical philosophy contends that, in contrast to Hegel, Kant’s Critical system, especially because of its doctrine of transcendental idealism, presupposes a subjectivist and therefore inadequate position. On the basis of a moderate interpretation of Kant’s idealism and his general Critical procedure, the chapter defends Kant from the charge of subjectivism, and also gives an account of how subjectivist interpretations in general can arise from a series of understandable misunderstandings of difficult passages in Kant’s Critique of Pure Reason.