Unrestricted / © SiemensAG 2016. All Rights Reserved.

Best Practice for Security.

SIS Specific recommendations

•

Include the security requirements in the Safety

Requirement Specification (SRS)

•

Linking the security risk assessment into the

process hazard analysis

•

The personnel responsible for Cyber Security to be

engaged during each phase of the SIS lifecycle.

•

The organization responsible for Safety should be

involved during each phase of the Security lifecycle

•

Safety Manuals should document security

countermeasures

•

SIS vendor to supply security concepts

•

SIS system should be designed with defence in

depth strategy

•

Cyber Security Risks due to the BPCS / SIS

Integration should be considered.

•

Any events associated with the SIS security

countermeasures should be logged and

continuously monitored.

•

A documented plan should be in place that specifies

how responses to intrusion demands are addressed

and responded to.

•

The SIS system software and the cyber security

protection software should be updated as needed.

When SIS workstations are updated, an authorized

person should be present.

•

Guidance on how to implement remote access for

the SIS.