Institute of Measurement and Control. Functional Safety 2016

Page 6

Guidance Document ISA TR84.00.09 - Security Countermeasures

Related To Safety Instrumented Systems (SIS)

The scope of ISA TR84.00.09:2013 is to address and provide guidance as to the countermeasures

used to reduce the likelihood of security threats to the SIS. This relates to cyber security from both

inside and outside the plant boundary.

It maps on to the “structure” of the safety standard IEC 61511 and supplements the following

clauses.

•

Functional Safety Management (Clause 5)

•

Hazard and Risk Analysis (Clause 8)

•

Allocation of Safety Layers to protection layers (Clause 9)

•

Safety Requirement Specification (Clause 10)

•

Design and Engineering of the SIS (Clauses 11,12)

•

Installation, Commissioning & Validation (Clause 14,15)

•

Operation & Maintenance (Clause 16)

It starts from the premise that security will be addressed for the IACS in total but also makes a

number of suggestions specific to the SIS.

To meet the requirements of ISA TR84.00.09 and IEC 62443 in general stakeholders should address

the following points:-

·

Security Management , Security Policy, Processes, Audits

·

Definition of roles and responsibilities

·

Competence & competency management

·

Inventory of Cyber assets (including subsystems, network devices, software);

·

Cyber security risk assessment.

·

Security of operation

o

Network segregation into Zones

o

Defence in Depth

·

Maintenance policy to keep system up to date;

·

Backup and host protection (e.g. antivirus, application white listing) management

·

Patch upgrade management

·

Security Management , Security Policy, Processes, Audits

·

Incident response and disaster recovery plan;

·

periodic vulnerability checks and analyses of threats.