PDR1

This is where I think the misunderstanding lies. I can't speak for B&T, but in the sort of application I was describing "plugging in a USB drive with stuff you brought home from work" would certainly get you escorted from the room and summarily sacked and would probably see you arrested pending prosecution and the prospect of many years in jail.

I suspect in B&T's case they may not do the prosecution stuff, but the idea of plugging your own USB device into a PC hosting a medically-critical system is probably a complete no-no in his place.

Who cares, because you wouldn't be allowed to anyway. Again I'm guessing about B&T's machines, but in high-integrity systems in our place you just don't use the dedicated machines for "normal PC work". In my case I have two PCs on my desks at work - I have a laptop which is plugged into the lower-classification network for normal email, project management, expenses, word processing and spreadsheets, internet research etc. This machine can read USB devices if they are registered to the network and encrypted (using a secure volume browser which is only available on that network). The second machine is for secure project work and is a locked-down one on the "higher classification" network. This network is air-gapped to the rest of the world, and is very picky about what it will talk to. If you plug anything into that cable that it doesn't recognise the router disables the port. If you try to plug anything other than a specific type of keyboard & mouse into the USB ports the PC shuts down and won't restart until its hard drive is replaced with an unlocked one.

And of course neither of these is actually a deliverable machine doing the actual work. The deliverable machines have specific software configs, no general applications and a configuration that's so locked down you couldn't even change the desktop image without causing an exception.

That's what IA cases are all about.

PDR