Introduction
Functional Safety & Cybersecurity
How Your SIS Can be Infected!
What is IACS Security?
Prevention of intentional or unintentional interference with the proper operation of industrial automation and control systems via the use of:
+ computers, networks, operating systems, applications
+ other programmable configurable components of the system
Goes by many names:
+ SCADA Security
+ PCN Security
+ Industrial Automation and Control System Security
+ Control System Cyber Security
+ Industrial Network Security
+ Electronic Security for Industrial Automation and Control Systems
Functional Safety & Cyber
The final task in the assessment or FEED phase is to document the system-level cyber security requirements:
+ Scope and purpose of the system
+ Physical and environmental security requirements
+ General cyber security requirements
+ Zone and Conduit specific requirements
Groupings of Requirements:
+ Access Control requirements
  + Identification and authentication of users
  + User roles and privileges
  + User administration
+ Confidentiality, Integrity and Availability requirements
+ Monitoring and reporting requirements
ISA 62443-3-3 “System security requirements and security levels” is the standard that provides the overall system-level cyber security requirements for IACS (Industrial Automation and Control Systems).
Additional guidance is provided by ISA TR84.00.09 “Cybersecurity Related to the Functional Safety Lifecycle”.
Changes in IEC 61511-1 (2016)
What Are IACS Vulnerabilities?
Pathways into the Control Network
[Figure: pathways into the control network. The diagram shows the Internet, the Office LAN and the Plant Network / Control LAN, with entry points via infected remote support, unauthorized connections, mis-configured firewalls, infected laptops, modems, external PLC networks and RS-232 links.]
Why is IACS Security Important for SIS?
Why Is This Important?
Functional Safety & Alarm Management
How Your SIS Can be Affected!
[Figure: risk-reduction diagram with labels SIL 2, SIL 1, RRF = 667, RRF = 10 and RRF = 15, against a process risk scale running from Zero to High.]
Safety & Alarm Management
What is the purpose of an Alarm?
Common Alarm Management Issues
+ Alarm Overload (too many alarms for the operator, which compromises the BPCS/alarm protection layer, increasing demands on the SIS and leading to increased risk)
+ Alarm Floods
+ Nuisance Alarms
  + Chattering Alarms
  + Standing / Stale Alarms
  + Bad Actors / Frequently Occurring
  + Redundant Alarms
  + Alarms which have no response
+ Alarms with the Wrong Priority
The presence of these issues diminishes the usefulness of the alarm system.
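The flood, chattering and bad-actor conditions listed above are the ones an alarm-performance review normally counts first. The following is an added example, not part of the presentation: it runs those checks over a constructed alarm journal, and the journal layout, the tag names and the numeric thresholds are assumptions for illustration (ISA-18.2 leaves the exact figures to the site's alarm philosophy document).

```python
"""Alarm-performance checks on a constructed alarm journal (added example, not from
the presentation). Format and thresholds are assumed; ISA-18.2 leaves them to the site."""
from collections import Counter, defaultdict
FLOOD_THRESHOLD = 10        # assumed: more than 10 new alarms per 10-minute window
CHATTER_WINDOW_S = 60       # assumed: 3+ activations of one tag within 60 s
CHATTER_MIN_ACTIVATIONS = 3
# Constructed journal: (seconds since shift start, tag, state);
# "ALM" = alarm became active, "RTN" = returned to normal.
JOURNAL = [
    (5, "PT-101.HI", "ALM"), (20, "PT-101.HI", "RTN"),
    (25, "PT-101.HI", "ALM"), (40, "PT-101.HI", "RTN"),   # chattering tag
    (45, "PT-101.HI", "ALM"), (60, "PT-101.HI", "RTN"),
    (120, "LT-205.LO", "ALM"),
    (1300, "TT-300.HI", "ALM"), (1310, "TT-300.HI", "RTN"),
]
# Constructed process upset: twelve different tags alarm within 12 s (a flood).
JOURNAL += [(2000 + i, f"FI-{i:02d}.HI", "ALM") for i in range(12)]

def activations_per_window(journal, window_s=600):
    """Number of new alarms per fixed window, keyed by window start (seconds)."""
    counts = Counter()
    for t, _tag, state in journal:
        if state == "ALM":
            counts[(t // window_s) * window_s] += 1
    return dict(counts)

def flood_windows(journal, threshold=FLOOD_THRESHOLD):
    """Window starts whose alarm count exceeded the flood threshold."""
    return sorted(w for w, n in activations_per_window(journal).items()
                  if n > threshold)

def chattering_tags(journal, window_s=CHATTER_WINDOW_S, min_act=CHATTER_MIN_ACTIVATIONS):
    """Tags that re-alarmed at least min_act times inside any window_s span."""
    times = defaultdict(list)
    for t, tag, state in journal:
        if state == "ALM":
            times[tag].append(t)
    found = set()
    for tag, ts in times.items():
        ts.sort()
        for i in range(len(ts) - min_act + 1):
            if ts[i + min_act - 1] - ts[i] <= window_s:   # sliding window
                found.add(tag)
                break
    return sorted(found)

def bad_actors(journal, n=3):
    """Most frequently occurring alarm tags, as (tag, activations) pairs."""
    return Counter(tag for _t, tag, s in journal if s == "ALM").most_common(n)
```

On the constructed journal the flood check flags the 1800 s window, the chattering check flags PT-101.HI, and the bad-actor count puts the same tag first.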
ISA-18.2 Standard
Alarm management lifecycle stages:
+ Philosophy
+ Identification
+ Rationalization
+ Detailed Design
+ Implementation
+ Operation
+ Maintenance
+ Management of Change
+ Audit
Recognized as “Good Engineering Practice” by insurance companies and regulatory agencies (OSHA).
What is an Alarm? (ISA-18.2)
An audible and/or visual means of indicating to the operator an equipment malfunction, process deviation or other abnormal condition requiring a (timely) response. (ISA-18.2 / IEC 62682)
[Figure: classification by type of event. Events requiring operator action are alarms; events requiring no operator action are informational (notifications, alerts).]
Alarm Rationalization helps to ensure alarms meet these criteria.
Key Design Principles
Safety Alarms
Safety Alarm (Safety Related Alarm): an alarm that is classified as critical to process safety or to the protection of human life or the environment. (ISA-18.2-2016)
[Figure: nested sets labelled SAFEGUARDS, IPLs and SAFETY ALARMS.]
Specification
Define what is considered a Safety Alarm for your site:
+ Prevention vs. Mitigation
+ Loss of Key Utility (power, air…)
+ SIS Diagnostic Fault
+ SIS Trip Failure
+ Defined as an IPL
+ Loss of Containment
+ Toxic Gas Detection
Key Requirements for Safety Alarms
Alarm Rationalization
+ Determine whether the alarm is justified and necessary (based on criteria in the alarm philosophy document)
+ Document alarm purpose / objective (cause, consequence, corrective action, response time)
+ Document design (limit, priority, classification…)
+ Record results in a Master Alarm Database (MADB)
Alarm Rationalization
Alarm Response Procedures / Operator Training
Monitoring & Assessment of Alarm System Performance
Conclusion
+ Including Cyber Security and Alarm Rationalization when considering SIS applications will enhance performance and improve safety
+ Performing a Cyber risk assessment when performing PHAs will save time and money later on, when assessment and implementation will become more costly
+ Identifying alarms during PHAs, as potential protection layers, will ensure prioritization and enable a master alarm database to be created early on
+ SIS designers will have to consider these requirements for implementation
Thank You For Listening
Questions?
Sensiaglobal.com