1. Academic experts
  2. Research students
  3. Students
  4. Alumni
  5. Senior people at City
  6. Non-academic staff
  7. Honorary graduates

portrait of Professor Robin Bloomfield

Professor Robin Bloomfield

Professor of System and Software Dependability

School of Mathematics, Computer Science and Engineering, Department of Computer Science

Contact Information


Visit Robin Bloomfield

A304E, College Building

Postal Address

City, University of London
Northampton Square
United Kingdom



Robin Bloomfield is Professor of Software and System Dependability at the City, University of London. His research interests are in the dependability (reliability, safety, security) of computer-based systems. His work in safety in the past 20 yrs has combined policy formulation, technical consulting and underpinning research. He is a founder member of the consultancy Adelard and prior to this he worked in industry for the UK electricity utility (CEGB) where he was concerned with the design and validation of the control and safety systems of nuclear power stations. The post is shared with Peter Bishop and he spends most of his time with the consultancy Adelard.

Professor Bloomfield attended St John's College, Cambridge and holds an MA in Natural Sciences from Cambridge University and is also a chartered engineer.

Prof Bloomfield has held a variety of professional and honorary posts. He was an independent member of the UK Nuclear Safety Advisory Group (NUSAC) before it was disbanded and in 2007 and was a member of the UK Cabinet Office Information Assurance Research and Co-ordination Group. He was the UK member of NATO Research Task on dual use technologies and co-chaired, for the EU, the 2007 Joint US-EU workshop on ICT-Enabled Critical Infrastructures and Interdependencies. Recently he has been a member of the UK Treasury Engineering Infrastructure and Interdependencies Expert Group that supported the revised UK Infrastructure Plans. He has been chairman of the European Workshop on Industrial Computer Systems (EWICS), and a long term member of the Safecomp programme committee.


  1. MA (Cantab) Natural Sciences, University of Cambridge, United Kingdom, 1978


  1. Professor, City, University London, 2011 – present
  2. Head of Department, Centre for Software Reliability, City, University London, 2003 – 2011
  3. Appointed Professor of System & Software Dependability, City, University London, 2000 – present
  4. Founder, Adelard LLP, 1987 – present
  5. Research Officer, Central Electricity Generating Board, 1976 – 1987


  1. Fellow (FREng), Royal Academy of Engineering, Oct 2014 – present

Memberships of professional organisations

  1. CEng Institute of Energy, Engineering Council, 1983 – present
  2. ME, Institute of Energy, 1983 – present


Research interests

• Safety and Assurance Cases and security informed safety
• Underpinning models for evaluating the trustworthiness of software based systems
• Security, resilience and critical infrastructure and interdependencies
• Setting policy and research agendas

- Conservative models of reliability prediction
- Development process modelling
- Industrial Liaison Director for DIRC



  1. Bishop, P., Bloomfield, R., Guerra, S. and Thuy, N. (2012). Safety justification frameworks: Integrating rule-based, goal-based and risk-informed approaches. (pp. 1283–1290). ISBN 978-1-62748-015-4.

Conference papers and proceedings (44)

  1. Bloomfield, R.E. (2018). Invited Talk: Structured Engineering Argumentation.
  2. Bloomfield, R., Butler, E., Guerra, S., Bloomfield, R.E. and Netkachova, K. (2017). Security-informed safety: Integrating security within the safety demonstration of a smart device.
  3. Bloomfield, R., Butler, E. and Netkachova, K. (2017). Assurance of open systems dependability: developing a framework for automotive security and safety. 6th Workshop on Open Systems Dependability Tokyo, Japan.
  4. Bloom Field, R., Bendele, M., Bishop, P., Stroud, R. and Tonks, S. (2016). The risk assessment of ERTMS-based railway systems from a cyber security perspective: Methodology and lessons learned.
  5. Bloomfield, R.E. and Parisaca-Vargas, A. (2015). Using Ontologies to Support Model-based Exploration of the Dependencies between Causes and Consequences of Hazards. 7th International Conference on Knowledge Engineering and Ontology Development 12-14 November, Lisbon, Portugal.
  6. Netkachova, K., Müller, K., Paulitsch, M. and Bloomfield, R. (2015). Security-Informed Safety Case Approach to Analysing MILS Systems. European Network of Excellence on High Performance and Embedded Architecture and Compilation (HiPEAC), International Workshop on MILS: Architecture and Assurance for Secure Systems 19-21 January, Amsterdam, The Netherlands.
  7. Netkachova, K., Müller, K., Paulitsch, M. and Bloomfield, R. (2015). Investigation into a layered approach to architecting security-informed safety cases.
  8. Netkachova, K., Netkachov, O. and Bloomfield, R. (2015). Tool support for assurance case building blocks: Providing a helping hand with CAE.
  9. Netkachova, K., Bloomfield, R., Popov, P. and Netkachov, O. (2015). Using structured assurance case approach to analyse security and reliability of critical infrastructures.
  10. Netkachova, K., Müller, K., Paulitsch, M. and Bloomfield, R. (2015). A layered approach to architecting security-informed safety cases (applied to an avionics case study).
  11. Shittu, R., Healing, A., Ghanea-Hercock, R., Bloomfield, R. and Muttukrishnan, R. (2014). OutMet: A new metric for prioritising intrusion alerts using correlation and outlier analysis. 2014 IEEE 39th Conference on Local Computer Networks (LCN) 8-11 September.
  12. Bloomfield, R. and Netkachova, K. (2014). Building blocks for assurance cases.
  13. Bishop, P.G., Bloomfiel, R.E. and Cyra, L. (2013). Combining Testing and Proof to Gain High Assurance in Software: a Case Study. (ISSRE 2013) IEEE International Symposium on Software Reliability Engineering 4-7 November, Pasadena, CA, USA.
  14. Bloomfield, R.E., Netkachova, K. and Stroud, R. (2013). Security-Informed Safety: If it's not secure, it's not safe. 5th International Workshop on Software Engineering for Resilient Systems (SERENE 2013) 3-4 October, Kiev, Ukraine.
  15. Olabelurin, A., Kallos, G., Xiang, Y., Bloomfield, R., Veluru, S. and Rajarajan, M. (2013). Time correlated anomaly detection based on inferences.
  16. Strigini, L., Bloomfield, Robin, , Paulitsch, Michael, and Reiger, Rupert, (2012). Evidence-Based Security in Aerospace. From Safety to Security and Back Again. 23rd International Symposium on Software Reliability Engineering (ISSRE 2012), Fast Abstracts Track 26-29 November, Dallas, Texas, USA.
  17. Gashi, I. (2012). How secure is ERTMS? Workshop on Dependable and Secure Computing for Large-scale Complex Critical Infrastructures (DESEC4LCCI) 25 September, Herrenkrug, Germany.
  18. Bishop, P., Bloomfield, R., Gashi, I. and Stankovic, V. (2012). Diverse protection systems for improving
    security: a study with AntiVirus engines.
  19. Shittu, R., Healing, A., Bloomfield, R.E. and Rajarajan, M. (2012). Visual Analytic Agent-Based Framework for Intrusion Alert Analysis.
  20. Stankovic, V., Bloomfield, R., Bishop, P. and Gashi, I. (2011). Diversity for Security: a Study with Off-The-Shelf AntiVirus Engines. 21st International Symposium on Software Reliability Engineering (ISSRE 2011) Hiroshima, Japan.
  21. Bloomfield, R. and Bishop, P. (2010). Safety and Assurance Cases: Past, Present and Possible Future - an Adelard Perspective.
  22. (2010). Critical Information Infrastructures Security, 4th International Workshop, CRITIS 2009, Bonn, Germany, September 30 - October 2, 2009. Revised Papers.
  23. Bloomfield, R.E., Chozos, N. and Salako, K. (2009). Current Capabilities, Requirements and a Proposed Strategy for Interdependency Analysis in the UK.
  24. Bloomfield, R.E., Buzna, L., Popov, P.T., Salako, K. and Wright, D. (2009). Stochastic Modelling of the Effects of Interdependencies between Critical Infrastructure.
  25. Dübendorfer, T. and Frei, S. (2009). Web Browser Security Update Effectiveness.
  26. Bloomfield, R.E., Gashi, I., Povyakalo, A. and Stankovic, V. (2008). Comparison of Empirical Data from Two Honeynets and a Distributed Honeypot Network.
  27. Bloomfield, R.E., Littlewood, B. and Wright, D. (2007). Confidence: Its role in dependability cases for risk assessment.
  28. Bloomfield, R.E., Masera, M., Miller, A., Saydjari, O.S. and Weinstock, C.B. (2007). Assurance Cases for Security: The Metrics Challenge.
  29. Littlewood, B., Bloomfield, R., Popov, P., Povyakalo, A. and Strigini, L. (2004). The impact of ‘difficulty’ variation on the probability of coincident failure of diverse systems. International Conference on Control and Instrumentation in Nuclear Installations Liverpool.
  30. Littlewood, B. and Bloomfield, R. (2004). On the use of diverse arguments to increase confidence in dependability claims. International Conference on Control and Instrumentation in Nuclear Installations.
  31. Bishop, P.G. and Bloomfield, R.E. (2003). Using a Log-normal Failure Rate Distribution for Worst Case Bound Reliability Prediction. 14th IEEE International Symposium on Software Reliability Engineering (ISSRE 2003) 17-20 November, Denver, Colorado.
  32. Bloomfield, R. and Littlewood, B. (2003). Multi-legged arguments: the impact of diversity upon confidence in dependability arguments.
  33. Bishop, P., Bloomfield, R., Clement, T., Guerra, S. and Jones, C. (2003). Integrity static analysis of COTS/SOUP.
  34. Bishop, P., Bloomfield, R., Clement, T. and Guerra, S. (2003). Software criticality analysis of COTS/SOUP.
  35. Bishop, P.G. and Bloomfield, R.E. (2002). Worst Case Reliability Prediction Based on a Prior Estimate of Residual Defects. Thirteenth International Symposium on Software Reliability Engineering (ISSRE '02) 12-15 November, Annapolis, Maryland.
  36. Bloomfield, R.E. and Guerra, S. (2002). Process Modelling to Support Dependability Arguments.
  37. Bishop, P.G., Bloomfield, R.E., Clement, T. and Guerra, S. (2002). Software Criticality Analysis of COTS/SOUP.
  38. Bishop, P.G., Penny, J., Eaton, A. and Bloomfield, R. (2001). The Practicalities of Goal-Based Safety Regulation. Ninth Safety-Critical Systems Symposium 6-8 February, Bristol, UK.
  39. Oussalah, M., Nguyen, H.T., Kreinovich, V., Bloomfield, R.E. and Newby, M. (2001). Theoretical foundation for iterative assessment of conditional confidence measures in the framework of conditional measure theoretic-approach.
  40. Bloomfield, R.E., Craigen, D., Koob, F., Ullmann, M. and Wittmann, S. (2000). Formal Methods Diffusion: Past Lessons and Future Prospects.
  41. Bishop, P.G. and Bloomfield, R.E. (1998). A Methodology for Safety Case Development. Safety-critical Systems Symposium 98 February, Birmingham, UK.
  42. Bishop, P.G. and Bloomfield, R.E. (1996). Conservative theory for long term reliability growth prediction.
  43. Bishop, P.G. and Bloomfield, R.E. (1995). The SHIP Safety Case - A Combination of System and Software Methods. 14th IFAC Conf. on Computer Safety, Reliability and Security (SafeComp95) 11-13 October, Belgirate, Italy.
  44. (1988). VDM '88, VDM - The Way Ahead, 2nd VDM-Europe Symposium, Dublin, Ireland, September 11-16, 1988, Proceedings.

Journal articles (17)

  1. Bloomfield, R., Khlaaf, H., Conmy, P.R. and Fletcher, G. (2019). Disruptive Innovations and Disruptive Assurance: Assuring Machine Learning and Autonomy. Computer, 52(9), pp. 82–89. doi:10.1109/MC.2019.2914775.
  2. Bloomfield, R., Bishop, P., Butler, E. and Stroud, R. (2018). Security-Informed Safety: Supporting Stakeholders with Codes of Practice. Computer, 51(8), pp. 60–65. doi:10.1109/MC.2018.3191260.
  3. Bloomfield, R.E., Popov, P., Salako, K., Stankovic, V. and Wright, D. (2017). Preliminary interdependency analysis: An approach to support critical-infrastructure risk-assessment. Reliability Engineering and System Safety, 167, pp. 198–217. doi:10.1016/j.ress.2017.05.030.
  4. Netkachova, K. and Bloomfield, R. (2017). Is Chocolate Good for You - Or, Is the Cloud Secure? Computer, 50(8), pp. 74–78. doi:10.1109/MC.2017.3001250.
  5. Bloomfield, R., Bishop, P., Butler, E. and Netkachova, K. (2017). Using an assurance case framework to develop security strategy and policies. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 10489 LNCS, pp. 27–28. doi:10.1007/978-3-319-66284-8_3.
  6. Netkachova, K. and Bloomfield, R.E. (2016). Security-Informed Safety. Computer, 49(6), pp. 98–102. doi:10.1109/MC.2016.158.
  7. Shittu, R., Healing, A., Ghanea-Hercock, R., Bloomfield, R. and Rajarajan, M. (2015). Intrusion alert prioritisation and attack detection using post-correlation analysis. Computers and Security, 50, pp. 1–15. doi:10.1016/j.cose.2014.12.003.
  8. Bishop, P., Bloomfield, R., Littlewood, B., Popov, P., Povyakalo, A. and Strigini, L. (2014). A conservative bound for the probability of failure of a 1-out-of-2 protection system with one hardware-only and one software-based protection train. Reliability Engineering and System Safety, 130, pp. 61–68. doi:10.1016/j.ress.2014.04.002.
  9. Bloomfield, R.E. (2012). Are Things Getting Worse? IEEE Security & Privacy, 10, pp. 3–3. doi:10.1109/MSP.2012.115.
  10. Littlewood, B., Bishop, P., Bloomfield, R., Povyakalo, A. and Wright, D. (2011). Towards a formalism for conservative claims about the dependability of software-based systems. IEEE Transactions on Software Engineering. doi:10.1109/TSE.2010.67.
  11. Bloomfield, R.E. (2011). Evaluating resilience of multiple infrastructures: Some initial challenges. Proceedings - 5th Latin-American Symposium on Dependable Computing Workshops, LADCW 2011 pp. 39–40. doi:10.1109/LADCW.2011.22.
  12. Bloomfield, R.E. (2011). Resilient to the unexpected. IEEE Security and Privacy, 9(3), pp. 3–4. doi:10.1109/MSP.2011.62.
  13. Guerra, S., Bishop, P., Bloomfield, R. and Sheridan, D. (2010). Assessment and qualification of smart sensors. 7th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies 2010, NPIC and HMIT 2010, 1, pp. 499–510.
  14. Bloomfield, R.E., Guerra, S., Masera, M., Miller, A. and Weinstock, C.B. (2006). International working group on assurance cases (for security). IEEE SECURITY & PRIVACY, 4(3), pp. 66–68. doi:10.1109/MSP.2006.73.
  15. Bishop, P., Bloomfield, R., Guerra, S. and Tourlas, K. (2005). Justification of smart sensors for nuclear applications. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3688 LNCS, pp. 194–207. doi:10.1007/11563228_15.
  16. Bloomfield, R., Courtois, P.J., Littlewood, B., Strigini, L., Yih, S. and Fan, C.F. (2002). Letter to the editor [1] (multiple letters). Nuclear Engineering International, 47(570), p. 11.
  17. Bloomfield, R.E. and Froome, P.K.D. (1986). The Application of Formal Methods to the Assessment of High Integrity Software. IEEE Trans. Software Eng., 12, pp. 988–993. doi:10.1109/TSE.1986.6313053.

Reports (7)

  1. Bloomfield, R.E. (2012). ERTMS Specification Security Audit, Analysis of Attack Scenarios. The European Railway Traffic Management System (ERTMS).
  2. Bloomfield, R, , Chozos, N., , Popov, P.T., Stankovic, V., , Wright, D, and Howell-Morris, R, (2010). Preliminary Interdependency Analysis (PIA): Method and tool support..
  3. Gashi, I. and Bloomfield, R.E. (2008). Evaluating the resilience and security of boundaryless, evolving socio-technical Systems of Systems. City University London.
  4. Bishop, P.G., Bloomfield, R.E., Emmet, L.O., Johnson, C., Black, W., Hamilton, V. … Koorneef, F. (2003). Learning from incidents involving E/E/PE systems, Part 1: Review of methods and industry practice. ISBN 0-7176-2787-X.
  5. Bishop, P.G., Jones, C.C.M., Bloomfield, R.E. and Froome, P.K.D. (2001). Methods for assessing the safety integrity of safety-related software of uncertain pedigree (SOUP).. ISBN 0-7176-2011-5.
  6. Bloomfield, R.E. and Wetherilt, A. Computer trading and systemic risk: a nuclear perspective. London, UK: Government Office for Science.
  7. Bishop, P.G., Bloomfield, R.E. and Froome, P.K.D. Justifying the use of software of uncertain pedigree (SOUP) in safety-related applications. May 2001. ISBN 0-7176-2010-7.

Other Activities

Editorial activity

  1. I am an Associate Editor-in-Chief of the IEEE Security and Privacy magazine

Keynote lecture/speech

  1. The open challenge of security. Pasadena, CA, USA (2013). Keynote speaker at The 3rd International Workshop on Open Systems Dependability: Adaptation to Changing World at the 24th IEEE International Symposium on Software Reliability Engineering (ISSRE), Pasadena, CA, USA Nov 2013


  1. In 2013 I was called to give evidence to the Parliamentary Commission on Banking Standards following my wok on systemic risk and computer based trading..