Why Cybersecurity is Becoming Enforceable Like Product Safety

Some have argued that safety and cybersecurity are fundamentally different: that safety is static, while cybersecurity is dynamic and adversarial. This argument assumes that safety problems impact the real world, and that cybersecurity is confined to digital systems.

That distinction is broken.

On the road, Waymo vehicles rely on software that makes real-time driving decisions, so safety now depends on the integrity of that software, and therefore on cybersecurity.

In aviation, software-driven control systems depend on sensor inputs to interpret the physical world. An attacker can manipulate those inputs. As a result, safety in these systems is no longer static — it is dynamic and adversarial.

Cybersecurity failures are not confined to digital systems — they can have deadly consequences. Pacemakers can be stopped remotely. Ransomware can delay patient care. The Colonial Pipeline ransomware attack disrupted fuel supply across the U.S. East Coast.

Taken together, these examples show a consistent pattern: in today’s world, the distinction between cybersecurity and safety is artificial.

The question is no longer whether cybersecurity is like safety. It is which parts of cybersecurity must be treated as product safety problems — standardized, independently verified, and enforced.

The future of cybersecurity is safety-driven: enforceable, verified product security where systems must demonstrate defined security properties before they can enter the market.

Safety did not always begin with standards and enforcement. Early manufacturers blamed accidents on treacherous roads and imperfect drivers—externalities beyond their control. If we had accepted that argument, safety as it exists today would not exist. Safety evolved by forcing products to be safe despite imperfect roads and drivers.

Safety was never tractable. Real-world complexity makes the space of failures intractable. We addressed it anyway—not by solving everything, but by systematically eliminating the most common and most severe failures. Cybersecurity today is described as complex, but complexity never prevented safety from being systematically improved.

Cybersecurity today is still approached as if complexity makes the problem unsolvable. Failures are attributed to adaptive attackers, evolving tactics, and heterogeneous environments. But many of the failures that cause damage are overwhelmingly mundane—unpatched vulnerabilities, insecure defaults, and weak configurations. These are product failures with known mitigations. Product failures can be systematically reduced.

Ransomware is often framed as an example of unstoppable adversarial behavior. In reality, with proper backups and recovery processes, ransomware becomes disruption, not catastrophe. We know how to mitigate ransomware failures. What’s missing is enforcement.

Adversaries do not make the system unsolvable. They expose where the system is weak. Every system has actors who don’t follow the rules. They don’t invalidate the system—they reveal where it fails.

The Cyber Resilience Act and emerging U.S. efforts such as the Cyber Trust Mark are shifting security from voluntary best practice to externally enforced requirements. They shift enforcement from the organizational level to the product level. Products will be required to demonstrate defined security properties before entering the market.

This is how safety became enforceable at the product level. That same transition is now underway in cybersecurity.
