Ensure your Safety System is Secure

Monday, July 8, 2013 @ 08:07 PM gHale

With ongoing changes on standards and regulations throughout the industry, ISSSource is launching a monthly question and answer segment sponsored by ABB that looks at solutions and best practices for safety.

Q: How do you ensure your safety system is secure?

A: One of the biggest concerns is users believe they are safe and secure when their system follows IEC 61508. However, the fact that a safety system is designed following IEC61508 and certified as SIL 3 capable does not ensure the system is safe and secure.

The latest revision of IEC61508 requires product designers to perform a threat analysis on the system to consider the impact of network security in the performance of the safety system. In addition to the safety requirements (traditionally linked to a SIL rating), this was not required in systems certified before 2010.

Over the years of working together, end users encouraged vendors to offer safety solution that were SIL 3 capable and also interfaced to BPCS using open networking elements opening SISs to a variety of exploitable vectors. Addressing those potential threats requires analysis and mitigation strategies particular to each case.

Today, most of the major vendors provide SIS solutions that sit on the same Ethernet infrastructure as the BPCS components. In such case the design should include zone definition, access control restriction across multiple zones and other methods to reduce the potential risk.

Users have many options, starting with the selection of the vendor considering a sound security strategy (i.e. one that considers security in system design, defaults and delivery of the installation plus a consistent communication strategy to alert user of potential risk or emerging threats and mitigation) to implementing advanced network analysis tools that specifically monitor traffic originating from and destined to the SIS. Deep packet inspection/content filtering must deploy on any shared network to provide assurance that these systems are functioning as designed or even deploying application-layer unidirectional security gateways.

However, the best way to ensure safety and security is to take a proactive approach and implement a functional safety and security lifecycle management, this allows the user to identify threats and ways to mitigate them.

For more answers to your cyber security and process safety questions visit Process Automation Insights.

For additional resources on safety best practices click here to download eGuides on Safety and Security.

Leave a Reply

You must be logged in to post a comment.