
Institute of Measurement and Control. Functional Safety 2016


editions of IEC61508 and IEC61511 have both been updated to contain specific requirements regarding the need to consider and address security.

Rise in Cyber threats

Historically we have seen an accelerated evolution of cyber threats, with the paradigm changing every 3 years or so. From “Hacking for fun” by hobbyists, the focus has shifted to “Hacking for money Cybercrime” by organized criminals, followed by “Hacking for political and economic gains” by “Hacktivists” and state-sponsored agents. Today we see further refinement of Cybercrime, with Ransomware and Cyber extortion. Juniper Research recently predicted that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015.[1] The future looks even more alarming, with emerging signs of increasing attempts at Cyber-warfare.

The focus on industrial security started seriously in July 2010 because of Stuxnet, which was the first high-profile case where a cyber attack specifically targeted a control system for the purpose of industrial sabotage. This was followed by increased focus on industrial security at security conferences such as Blackhat and DEFCON in 2010 and 2011. Presently we see emerging dangers posed by automated tools that exploit SCADA vulnerabilities, such as "Metasploit", and by scanning engines that detect industrial equipment on the Internet, such as "Shodan". The increased know-how of security researchers has seen publicity-seeking presentations turn into more serious and realistic technical presentations, such as those seen at Blackhat and DEFCON 2013. This comes in a climate of increasing commercial and political exploitation of security vulnerabilities.

<HOLD- Maybe add something a bit more contemporary such as the Ukraine Blackout>

Comparison of Safety and Security

Safety and security in this context are defined as follows:

Safety

“Freedom from unacceptable risk of physical injury or of damage to the health of people, either directly or indirectly as a result of damage to property or to the environment.”

IEC 61508-4

Security

“Prevention of illegal or unwanted penetration of or interference with the proper and intended operation of an industrial automation and control system”

IEC 62443-1-1

There are many similarities in the approaches adopted by functional safety standards and cyber-security standards and some key differences

[1] Anon (2015) Cybercrime will Cost Businesses Over $2 Trillion by 2019, Juniper Research. Online: http://www.juniperresearch.com/press/press-releases/cybercrime-cost-businesses-over-2trillion