Institute of Measurement and Control. Functional Safety 2016

Page 8

Figure 3 Defence in Depth

SIS specific recommendations from IEC 62443 -2-4

IEC 62443 -2-4 suggests that vendors should have the capability to provide or ensure some

additional SIS specific security controls around risk assessment, network design, workstation devices,

wireless access and the user interface. As an example the capability to provide a physical switch to

control the ability to make configuration changes to the SIS. These are to be found in Table A.1

under the functional area SIS.

SIS architecture considerations in appendix A of ISA TR84.00.09

The typical BPCS & SIS architectures can be categorized in a number of different ways (i.e. air-gap,

interfaced, integrated and common). Each approach has its advantages and disadvantages from a

safety point of view, as well as presenting different security challenges. The various architectures

are described below along with some discussion of the associated security considerations:-