Institute of Measurement and Control. Functional Safety 2016

Keeping SIS secure in an integrated, open automation environment

Paul Hingley

Siemens Process Industries and Drives

Sir William Siemens House

Princess Road

Manchester

M20 2UR

Introduction

Over the last decade there has been a marked increase in cyber attacks aimed at Industrial Automation and Control Systems (IACS). The increasing adoption of open standards, PCs, desktop operating systems and commercial off-the-shelf (COTS) equipment, and the increase in both horizontal and vertical integration, have made systems potentially more vulnerable to cyber threats.

The current drive toward digitalisation, the “Digital Enterprise”, the Industrial Internet of Things (IIoT) and Industry 4.0, etc. promises sustainability for the industry but it relies heavily on integration and therefore needs dependable cyber security as an enabler.

Functional safety relies on separation of the basic process control system (BPCS) and the Safety Instrumented System (SIS) to help avoid common cause failures between independent protection layers. Vendors of integrated control and safety systems have successfully developed techniques to ensure logical separation and non-interference between control and safety from a functional safety perspective, but now face the additional challenge of addressing common cause failures due to cyber threats in an integrated, open environment. End users face the challenge of ensuring security for installed systems and maintaining it through the operating life of the plant.

Protecting industry and critical infrastructure from cyber attack at the automation layer requires that vendors, systems integrators and end users all address cyber security through the lifecycle and adopt the best practices described in a range of new and evolving standards. This increasingly involves the use of devices or products that have been developed to, and third party certified as conforming to, these standards, but selecting such certified components is only part of the answer.

This paper discusses cyber security in a SIS context and explores how to implement cyber security in accordance with the evolving best practice standards in an increasingly open, integrated control and safety landscape.

Importance of Security for Process Safety

Adopting best practice in terms of security is crucial because the impact of a cyber attack in a high hazard process plant can be very serious, ranging from a financial impact due to loss of production to, in more serious cases, disruption to critical infrastructure or even harm to people and the environment and possible loss of life.

The SIS is often required to provide significant levels of risk reduction. Even a Safety Instrumented Function (SIF) with a relatively modest safety integrity level (SIL) requirement such as SIL 2 could correspond to a risk reduction factor of 1,000, and a SIS could well contain many such SIFs.

Functional safety standards such as IEC61508 and IEC61511 represent best practice in terms of implementing a dependable SIS and, driven by the increasing concerns over cyber threats, the latest