Most control room operators have a strong focus on safety. Successful cyber-attacks can disrupt such critical procedures. IT security threats are one possible root cause for safety hazards.
Legislators globally have reacted to this problem by enacting new laws targeting cybersecurity of vital infrastructures. At the same time, integrating IT security practices with safety requirements is not necessarily easy as many common security practises conflict with safety. At times, organisations may feel that they are in a no-win scenario.
So how can security be achieved in a safety-critical context?
