
Institute of Measurement and Control. Functional Safety 2016


Conclusion

Cyber security vulnerabilities can open the door to attacks which compromise the effective operation of a SIS, either causing nuisance trips or potentially impacting on the ability to respond when there is a real demand.

Functional Safety standards now explicitly require security to be addressed for Safety Instrumented Systems.

Implementation of cyber security is similar in many ways to implementation of functional safety, and both should be considered in parallel during risk assessment, design, implementation and operation.

Recent high-profile industrial accidents highlight the need for continuing improvement in safety culture, and process safety management is increasingly a focus for senior management in successful high-hazard companies. The same approach needs to be taken with cyber security management to bring it up to the same level of maturity as a discipline.

There is SIS-specific guidance out there (e.g. ISA TR84.00.09:2013 and IEC 62443-2-4).

As with Safety, the use of Certified Products is only part of the answer.

Implementing a secure industrial automation and control system is just the start. Keeping such a system secure requires awareness of security issues, a security culture and implementation of a security management system to assist in establishing and maintaining security over time.

Relying on an air-gap as a defence against cyber threats is not sufficient. Today’s world grows ever more connected and this expectation in terms of connectivity will inevitably mean that any air-gap will be breached at some point. To rely on the air-gap as the most effective form of defence is misguided.

By following best practice and “Defence-in-Depth” guidance it is possible to implement Safety Instrumented Systems which are both integrated and secure.

By following vendor security concepts it is possible to still be integrated and still effectively address security.

To meet your safety goals you have to address security.

References

IEC 61508-1 Ed 2.0, 2010

IEC 61511-1 Ed 2.0, Feb 2016

IEC 62443, 2010; Network and system security for industrial-process measurement and control

ISA TR84.00.09:2013