package handlers // Safety/Security separation for the IACE hazard log. // // The traditional CE risk assessment (Maschinenrichtlinie / EN ISO 12100) and // the cybersecurity assessment (Cyber Resilience Act) are two distinct steps. // IACE owns the traditional, physical + functional-safety hazards; the CRA // module (/sdk/iace/{id}/cra) owns the native cyber/AI topics and re-examines // which safety functions a cyber attack can re-open (see iace-safety-bridge). // // The split is by the NATURE of the hazard, not by the component: a control // fault, bus failure or botched update is FUNCTIONAL safety (random/systematic // fault) and stays in CE — independent of whether the controller is a bought-in // CE-marked PLC or the manufacturer's own embedded control. Only the security // PROPERTIES against malicious actors (access control, firmware/update // integrity, SBOM, vulnerability handling, default passwords) are CRA. // // Functional-safety control categories (software_control, software_fault, // safety_function_failure, configuration_error, communication_failure, // update_failure, sensor_fault, …) therefore intentionally STAY in IACE — they // are the safety functions whose loss the CRA bridge re-examines. // // Enforced centrally in InitializeProject so it holds for EVERY project. var nativeCyberSecurityCategories = map[string]bool{ // I. Cyber / Netzwerk — security against malicious actors "unauthorized_access": true, "firmware_corruption": true, "cyber_resilience": true, "logging_audit_failure": true, "cyber_network": true, "sensor_spoofing": true, // J. KI-spezifisch "ai_specific": true, "ai_misclassification": true, "false_classification": true, "model_drift": true, "data_poisoning": true, "unintended_bias": true, } // isCyberSecurityCategory reports whether a hazard category is a native cyber/AI // topic that belongs to the CRA module rather than the traditional CE hazard log. 
// isCyberSecurityCategory reports whether category is a native cyber/AI topic
// that is owned by the CRA module instead of the traditional CE hazard log.
// The match against nativeCyberSecurityCategories is exact and case-sensitive;
// an unknown category (including the empty string) is reported as a CE hazard.
func isCyberSecurityCategory(category string) bool {
	isCRA, listed := nativeCyberSecurityCategories[category]
	return listed && isCRA
}