Institute of Measurement and Control. Functional Safety 2016
Keeping SIS secure in an integrated,
open automation environment
Paul Hingley
Siemens Process Industries and Drives
Sir William Siemens House
Princess Road
Manchester
M20 2UR
Introduction
Over the last decade there has been a marked increase in cyber attacks aimed at Industrial
Automation and Control Systems (IACS). The increasing adoption of open standards, PCs, desktop
operating systems and commercial off-the-shelf (COTS) equipment, together with the increase in both
horizontal and vertical integration, has made systems potentially more vulnerable to cyber threats.
The current drive toward digitalisation (the "Digital Enterprise", the Industrial Internet of Things
(IIoT), Industry 4.0, etc.) promises sustainability for the industry, but it relies heavily on integration
and therefore needs dependable cyber security as an enabler.
Functional safety relies on separation of the basic process control system (BPCS) and the Safety
Instrumented System (SIS) to help avoid common cause failures between independent protection
layers. Vendors of integrated control and safety systems have successfully developed techniques to
ensure logical separation and non-interference between control and safety from a functional safety
perspective, but now face the additional challenge of addressing common cause failures due to
cyber threats in an integrated, open environment. End users face the challenge of ensuring security
for installed systems and maintaining it through the operating life of the plant.
Protecting industry and critical infrastructure from cyber attack at the automation layer requires
that vendors, systems integrators and end users all address cyber security throughout the lifecycle and
adopt the best practices described in a range of new and evolving standards. This increasingly
involves the use of devices or products that have been developed to, and third-party certified as
conforming to, these standards, but selecting such certified components is only part of the answer.
This paper discusses cyber security in a SIS context and explores how to implement cyber security in
accordance with the evolving best practice standards in an increasingly open, integrated control and
safety landscape.
Importance of Security for Process Safety
Adopting best practice in terms of security is crucial because the impact of a cyber attack on a high
hazard process plant can be very serious, ranging from a financial impact due to loss of production
to, in more serious cases, disruption to critical infrastructure or even harm to people and the
environment and possible loss of life.
The SIS is often required to provide significant levels of risk reduction. Even a Safety Instrumented
Function (SIF) with a relatively modest safety integrity level (SIL) requirement, such as SIL 2, could
correspond to a risk reduction factor of 1,000, and a SIS could well contain many such SIFs.
Functional safety standards such as IEC61508 and IEC61511 represent best practice in terms of
implementing a dependable SIS and, driven by the increasing concerns over cyber threats, the latest