
Institute of Measurement and Control. Functional Safety 2016

Page 7

Stakeholders should also seek to address the following SIS-specific recommendations, many of which leverage the synergies which exist between security and safety:

· Including the security requirements in the Safety Requirement Specification (SRS).
· Linking the security risk assessment into the process hazard analysis.
· The personnel responsible for Cyber Security to be engaged during each phase of the SIS lifecycle.
· The organization responsible for Safety should be involved during each phase of the Security lifecycle.
· Safety Manuals should document security countermeasures.
· SIS vendor to supply security concepts.
· SIS system should be designed with a defense in depth strategy.
· Cyber Security Risks due to the BPCS / SIS Integration should be considered.
· Any events associated with the SIS security countermeasures should be logged and continuously monitored.
· A documented plan should be in place that specifies how responses to intrusion demands are addressed and responded to.
· The SIS system software and the cyber security protection software should be updated as needed. When SIS workstations are updated, an authorized person should be present.
· Back-up and restoration means and procedures of all the SIS network configurations should be in place and tested.
· Remote Access
· Guidance on how to implement remote access for the SIS.

How useful is Certification in achieving safety & security?

Third-party certification is used as a tool to help demonstrate compliance with the relevant standards, and its use is commonplace in functional safety. This is also increasingly the case for security. BPCS and SIS vendors are increasingly offering products certified by third parties and using certification of practices to help demonstrate that safety and security are being addressed both at product level and in engineered solutions. This can certainly be helpful, but it is not simply a case of selecting the right components, as can be seen from the list of recommendations above.

Concept of “Defence in Depth” for Industrial Security

The concept of defence in depth is a security strategy in which several layers of defence wrap themselves around the system to be protected, in this case the automation system, like the layers in an onion’s skin. The implementation of defence-in-depth requires a combination of various different security measures.

Physical and organizational security measures are summarized under the heading "Plant Security".

Measures concerning the security cells, such as forming security cells, securing access points and the secure communication between different security cells, are summarized under the heading "Network Security".

Measures such as "system hardening", "user and patch management" as well as "malware detection & prevention" are summarized under the heading "Integrity Protection or endpoint Protection".