Integration of Security, Functional and Ecology
Safety Management Systems:
Concept and Industrial Case
Sergiy Dotsenko
Department of specialized computer systems
of Ukrainian State University of
Railway Transport of National aerospace university “KhAI”
Kharkiv, Ukraine
1sirius_3k3@ukr.net
Vyacheslav Kharchenko
Department of computer systems, Department of specialized computer systems
networks and cybersecurity
of National aerospace university “KhAI”
Kharkiv, Ukraine
v.kharchenko@csn.khai.edu
Abstract—The purpose of the article is to substantiate
the method of integration of the environmental management
system in the enterprise management system. In order to
meet the requirements of ISO 7498-2-99, the structure of a
multilevel integrated enterprise security management
system has been developed. The system provides security
management for physical, information, signaling and
environmental spaces. An additional environmental
management layer was introduced in comparison with the
security management system proposed in [12]. The
integration of environmental management meets the
requirements of IEC 62264-1-2014. This allows us to form
inter-layers connections and coordinate the operation of
individual subsystems at the physical security, information
(cyber) security, functional and ecological security layers.
The implementation of this approach enhances enterprise
security and environment security as a whole.
Keywords—security, functional safety, ecology safety,
management system, industrial case.
I. INTRODUCTION
An important part of the implementation of strategy of
Industry 4.0 is the formation of enterprise security
management. According to [1], the term “security” used
for minimizing the vulnerability of means and resources.
Any means have their correspondent value. Vulnerability
can be defined as a sort of weakness that can be used to
violate the system or information contained therein. In a
global sense threat can be defined as a potential breach of
system’s protection. According to [1], security
management is an enterprise function that includes the
following features of the production site: safety,
information security, and computer security. The main
role of security in the production process is to guarantee
that only authorized personnel can make changes in it or
influence production in a permissible manner. Physical
security also implies access control, information flows
control and much more.
Development information technologies at the
beginning of the twenty-first century stimulated the
development of models and methods of enterprise
978-1-7281-9957-3/20/$31.00 © 2020 IEEE
Authorized licensed use limited to: Carleton University. Downloaded on July 28,2020 at 06:46:01 UTC from IEEE Xplore. Restrictions apply.
Herman Fesenko Oleg Illiashenko
Department of computer systems, Department of computer systems,
networks and cybersecurity networks and cybersecurity
of National aerospace university “KhAI”
Kharkiv, Ukraine Kharkiv, Ukraine
h.fesenko@khai.edu o.illiashenko@csn.khai.edu
Valentin Moiseenko Liudmyla Yermolenko
Department of specialized computer systems
of Ukrainian State University of of Ukrainian State University of
Railway Transport Railway Transport
Kharkiv, Ukraine Kharkiv, Ukraine
mvi53@ukr.net ermolenkolp1@gmail.com
integration [3], as well as integrated management systems
[4]. Standard [2] sets requirements for the integration of
enterprise management systems, one of which is its
information security system [5]. These standards are the
basis for the development of integrated functional
security systems for intelligent manufacturing systems
[6]. Works [7, 8, 9, 10] are also dedicated to this
direction of research.
The developed and applied ITs are based on the
representation of their functions. Besides, the IEC 62264-
1-2014 standards specify that the following aspect should
be the most important: methodologies of the enterprise
modeling in which physical, informational and cybernetic
(in the form of data transmission) representations are
presented. This requirement is particularly relevant to the
concept of Industry 4.0.
Therefore, the following tasks are important to assure
the physical security by limiting access to the objects, to
realize control of the flow of information that comes out
of objects to protect intellectual property and to control
data transmissions, to avoid influencing the production
process by unauthorized remote access.
Unfortunately, this standard does not contain
requirements for the management of technological risks
for enterprise that may arise in the course of the
enterprise's activities and which may cause environmental
damages. IEC 62264-1:2014 standard introduces a system
to protect the enterprise from external and internal
threats. Management of risks of the harmful effects of the
enterprise activity on the environment is not considered.
Wherein, the damages that the enterprise may cause to
the environment creates for the enterprise the risk of
obtaining image, material, and moral losses. So for the
enterprise security management system we recommend
distributing the control object into two components,
specifically: technological processes, that are realized in
real-time mode as well as organizational processes that
provide the organization of technological processes and
are implemented beyond the boundaries of technological
processes (physical processes) and.
470
 It is clear that technological processes carry risks of
harm to the environment, and therefore these risks need
to be managed in real-time. Currently, enterprise
environmental management systems are being
implemented in accordance with a series of ISO 14000
standards [11] whose development is also based on the
methodology of the ISO 9000 series of standards. In this
case, a methodology is fundamentally different from the
methodology used to form traditional automatic and
automated control systems. It is based on the principle of
a systematic approach. It is assumed that such systems
operate in the mode of delayed time, i.e., the elements of
the control cycle are implemented at different points in
time. This leads to contradictions, specifically,
technological processes are implemented in real-time
mode, elements of the control cycle are implemented in
the delayed time mode.
The solution to this contradiction is possible by
substantiating the feasibility of forming environmental
management systems based on the principles of forming
systems of automatic and automated management.
Therefore, the purpose of this article is to substantiate the
method of integrating the environmental management
system into enterprise management system.
The paper is organized in the next way. In section II
we analyze the methodology of formation the
environmental management system. Section III presents
the integration of the environmental management system
into the integrated enterprise security management
system. We discuss examples of practical implementation
of the proposed concept in Section IV and conclude our
work in Section V.
II. ANALYSIS OF THE METHODOLOGY OF FORMATION
ENVIRONMENTAL MANAGEMENT SYSTEMS
As it is stated in [11] “the societal expectations for
sustainable development, transparency and accountability
have evolved with increasingly stringent legislation,
growing pressures on the environment from pollution,
inefficient use of resources, improper waste management,
climate change, degradation of ecosystems and loss of
biodiversity. It pushed organizations to adopt a
systematic approach of environmental management by
implementing special environmental management
systems with the aim of contributing to the environmental
pillar of sustainability”. At the same time, on the basis of
a systematic approach to environmental management, it is
possible to provide top management with information that
will be useful for achieving long-term success and
acquiring opportunities that will contribute to sustainable
development. So, the main task of the environmental
management system is to “provide top management with
information to build success over the long term and
create options for contributing to sustainable
development.”
Unfortunately, no task of real-time managing
environmental security risks is set. At the same time, the
main method of management is determined the method of
controlling the ways of (or influencing them)
development of products and services of the organization;
production, distribution, consumption, and disposal,
471
Authorized licensed use limited to: Carleton University. Downloaded on July 28,2020 at 06:46:01 UTC from IEEE Xplore. Restrictions apply.
taking into account aspects of the life cycle of the project
that prevents the environmental impact from an
unanticipated transition from one stage of the life cycle to
another throughout the life cycle [11]. That is, the main
possible source of environmental impact is the
"unpredictable transition from one stage of the life cycle
to another. However, environmental risks exist at all
stages of the life cycle. Unfortunately, this aspect is not
taken into account.
The Plan-Do-Check-Act (PDCA) concept is the basis
for the environmental management system. The PDCA
model reflects an iterative process used by organizations
to achieve continuous improvement, and can be applied
to the environmental management system and to each of
its individual elements. According to this approach, the
fundamental principle is the continuous improvement of
the environmental management system. That is, one
aspect of the environmental management system activity
is the requirement of self-improvement. Figure 1 shows
the general scheme described in the standard to be
mapped out by the PDCA model, which can help new and
current users realize the importance of a systems
approach.
Fig.1. Accordance between the PDCA model and the general
scheme presented in the standard
From the overview of organizational security
management and environmental management approaches,
there are contradictions between these approaches as
follows:
 enterprise security management systems are
developed as automatic and automated control systems
with uniquely defined control objects and methods for
constructing control systems [12];
 for the environmental management systems that
are not uniquely defined there is the principle of their
formation (defined only the content of the management
cycle of the PDCA), and the objects of management:
"unpredictable transition from one stage of the life cycle
to another".
It is proposed to consider the solution of the problem
of formation of the environmental management system on
the basis of the methodology of formation of enterprise
security management systems in accordance with the
requirements of IEC 62264-1-2014.
 III. INTEGRATION OF THE ENVIRONMENTAL MANAGEMENT
SYSTEM INTO THE INTEGRATED ENTERPRISE SECURITY
MANAGEMENT SYSTEM
Based on the requirements of IEC 62264-1-2014 [2], in
terms of security, the most significant requirement should
implies the enterprise modeling methodologies where physical,
informational and cybernetic views are represented. Based on
that, Figure 2 presents the integrated enterprise security
management system proposed in [12]. The architecture of each
channel of this control system is similar to the architecture of
the operation management system.

Fig.3. Integrated Enterprise Management System with Enterprise

Security Management System

The integration of security management system of

enterprise into enterprise management system includes the
communication of production process management subsystems
with the respective security management subsystems. A similar
interaction do exists between production subsystems and
subsystems that describe the Signal level, Information level and
Physical Security level. Further development of the enterprise
security management system (Fig. 2) is a system which
Fig.2. Integrated Safety and Security Management System includes an environmental management channel (Fig. 4).
The system includes three interconnected security areas at
the different levels: Physical, Information and Signal spaces.
Let us examine the operation of the system at the example of
the security management channel "Physical Space" according
to [12]. The security status signals of the enterprise as a
physical object (Xps) are transmitted to the PSP block in which
the corresponding diagnosis is formed (Zps). This diagnosis is
transmitted to the adder. Then it is compared with the reference
value (Xpsе) formed in the PSE and the formation of the control
signal as the difference (ΔXpsе) = (Zps) – (Xpsе) is provided.
Under the influence of the resulting signal, a control action is
formed in the PSM unit, which is directed to processes in
Physical Space. Similar algorithm is implemented in the
channels "Information Space" and "Signal Space".
Control channels integration is taken place by sending
control signals from the channel "Physical Space" (PSM) to the
inputs of ISM and FSM. Due to this fact, the channels
Information and Signal Spaces are managed based on the state
of the Physical Space control channel. Moreover, control
commands from the ISM and FSM blocks are proceed to the
PSM block. Due to this, the control action in the PSM unit is
formed in accordance with the states of the channels
Information and Signal Spaces. The system discussed above
(see Fig. 2) forms part of the overall management system of the Fig.4. Integrated Enterprise Management System with Environmental
enterprise. The results of integration of the enterprise Management System
management system together with an enterprise security
management system is depicted on Fig. 3 [13]. This channel provides obtaining information of the state of
technological processes (the element “Object”) and the state of

472

Authorized licensed use limited to: Carleton University. Downloaded on July 28,2020 at 06:46:01 UTC from IEEE Xplore. Restrictions apply.
the environment (the element “I&C of the environment”). On the
basis of this data, the ESP unit generates data on the state of the
environment and the process Zes. Comparison of these data with
the data of the reference signal Xese provides the formation of a
discrepancy signal ΔXese on the basis of which the control signal
Yes is formed. This signal provides the implementation of impact
on the environment directly as well as the effect on the
technological process through the block “FSM”.
The peculiarity of this method of integration of the
environmental management system into the enterprise
management system are:
 the sources of information are actually technological
processes that have additional special sensors that check
deviations of technological parameters from the specified ones,
as well as sensors of the system of monitoring environmental
parameters;
 the methodological basis for the construction of the
environmental management system is the theory of automatic
and automated control systems which provides modeling of both
management objects and the actual control system;
 the main focus of the environmental management
system is on managing the risks of environmental safety but not
on the continuous improvement of the elements of the system
itself;
 the concept of a systematic approach to the
development of management systems was formed in time when
highly specialized management systems for certain objects,
aspects of activity and technological processes of enterprises
were developed;
 by this time the concept of enterprise integration based
on the latest information technologies [14], management systems
[2] and management [15] has been developing rapidly.
IV. EXAMPLES OF PRACTICAL IMPLEMENTATION OF THE
PROPOSED CONCEPT OF FORMING AND ENVIRONMENTAL
MANAGEMENT SYSTEM
The problem of environmental protection is divided into two
parts, depending on the level of risk of harm to the environment.
The first is the problem of protection from the damage by
facilities with increased danger. The second is the problem of
defense against the injury by industrial and agricultural
enterprises. In order to protect against harm from industrial and
agricultural enterprises, it is proposed that these enterprises
voluntarily establish environmental management systems in
accordance with the requirements of the ISO 14000 series, the
characteristics of which are discussed above.
To protect the environment against injury from objects
(companies) with increased environmental risk (of facilities with
increased danger) according to national and international
documents proposed to form environmental monitoring [16 –
18]. Thorough analysis of the current state of the environmental
monitoring tasks was performed in [19]. According to the results
of this analysis, monitoring of environmental impact of facilities
of increased danger for the environment and providing them with
environmental reporting will allow to increase the amount of
operative information on the state of environment, to improve
control over the compliance of enterprises with environmental
regulations, to take management and technical decisions at
enterprises to prevent negative impact on environment.
According to [19], modern automated environmental
monitoring systems have been developed both in Ukraine and in
473
Authorized licensed use limited to: Carleton University. Downloaded on July 28,2020 at 06:46:01 UTC from IEEE Xplore. Restrictions apply.
other countries of the world. Examples of such systems are
automated information and measuring system for environmental
monitoring of the production of CJSC “UKRANALIT”,
automated measuring system of production and environmental
monitoring of production of the Corporation
“UKRATOMPRILAD”, automated groundwater monitoring
system “Ozone AKVA” and others.
The requirements for the development of such systems are
given in the following documents [19]: Rules for the creation and
operation of automated systems of environmental control and
monitoring (ASECM) of objects (enterprises) of high
environmental risk (facilities with increased danger) and the
rules for their creation and operation; Ministry of Emergencies
standard of Ukraine “Safety in emergencies automated systems of
early detection emergencies and notification. Types and general
technical requirements” (SOUME 75.2-00013528-003:2011).
So the task of monitoring the state of the environment is
considered as an independent self-sufficient task. But in order to
prevent harmful effects on the environment, it is necessary to
form control (corrective) actions in real time. It is clear that
monitoring systems are the first important task but it is the only
part of the environmental management system. After all, the task
for an environmental management system is to ensure safety
conditions of the environment. Therefore, the task of forming
environmental safety management systems for high-risk objects
remains unresolved.
An example of the integration of physical, information,
functional and environmental security systems is NPP
management systems. In particular, the automated radiation
monitoring system (ARMS) on Zaporizhzhya NPP is responsible
for the continuity of monitoring the parameters characterizing the
radiation status at the industrial site of the NPP, in the sanitary
protection zone, in the observation area during the normal
operation of the NPP, in the case of design accidents, and
termination of their operation. ARMS is built as an automated
two-level measuring information system with centralized
automated control of functioning and distributed organization of
measuring, collecting and processing information (Fig. 5).
Fig.5. Structure of ARMS “Zaporizhzhya NPP”
 The following functions are implemented at the high
level:
 collection and operation the information from the
lower ARMS level;
 providing the operator with the operating modes
controls of ARMS with modern human-machine interface;
 display the controlled parameters in a format
convenient for perception, diagnosis and management;
 performance of special calculations; control of the
modes of operation of the lower level of ARMS;
 organization of ARMS performance and
workability testing;
 development and issuance of recommendations, as
well as implementation of forecast calculations;
 exchange of information with related systems and
consumers.
The lower level of ARMS implements the following
functions:
 automatic measurement of radiation parameters,
temperature and volume consumption of gas-aerosol
emissions and discharges;
 automatic measurement of meteorological
parameters that characterize the state of the atmosphere;
 automatic measurement and measurement by the
laboratory of external radiation control of radiation
parameters characterizing the radiation situation at the
industrial site, in the sanitary protection zone and the
observation zone; automatic mode of operation of the
suction unit in the mode of emergency radiation situation;
 organization of performance and workability
testing of low-level equipment;
 accumulation, initial processing, indication and
transfer of information to the top level of the system.
Thus the ARMS is an integral part of the overall NPP
safety management system in addition to the information
and control systems that ensure the safe operation of the
reactor equipment and the like.
V. CONCLUSION AND FUTURE WORK
In order to meet the requirements of ISO 7498-2-99 for
the allocation of security areas, a multi-level integrated
enterprise security management system has been developed.
The system provides security controls for physical,
information, signaling and environmental spaces. An
additional eco-safety management unit was introduced in
comparison with the safety management system proposed in
[12]. Integration of the environmental management
subsystem complies with the requirements of IEC 62264-1-
2014.
This allows one to form inter-circuit connections and
coordinate the operation of individual subsystems at the
levels of physical security, information (cyber) security,
functional and ecological safety. The implementation of this
approach enhances the security of enterprises and the
environment in general. It also can be used in order to
developed cybersecurity (and not only) assurance cases for
the demonstration of compliance with security standards
[21].
474
Authorized licensed use limited to: Carleton University. Downloaded on July 28,2020 at 06:46:01 UTC from IEEE Xplore. Restrictions apply.
REFERENCES
[1] ІSО 7498-2:99, Information technology. Open Systems
Interconnection. Basic Reference Model. Part 2. Security Architecture
[2] IEC 62264-1-2014, Enterprise-control system integration. Part 1.
Models and terminology
[3] ISO 19439:2006, Enterprise integration — Framework for enterprise
modeling
[4] PAS 99:2006 Specification of common management system
requirements as a framework for integration
[5] ISO/IEC 27000:2018, Information security management systems -
Overview and vocabulary
[6] Kosmowski K. T., Śliwiński M., Piesik J., Integrated Functional
Safety and Cybersecurity. Analysis Method for smart manufacturing
systems. Task Quar terly vol. 23, No 2, 2019, P. 177–207 (2019)
[7] Kosmowski K., Gołębiewski D., Functional safety and cyber security
analysis for life cycle management of industrial control systems in
hazardous plants and oil port critical infrastructure including
insurance, Interreg Baltic Sea Region, HAZARD Report (2019)
[8] Li S. W., et al. Architecture Alignment and Interoperability, An
Industrial Internet Consortium and Platform Industrie 4.0,
IIC:WHT:IN3:V1.0:PB:20171205 (2017)
[9] MERgE 2016 Safety & Security, Recommendations for Security and
Safety Co-engineering, Multi-Concerns Interactions System
Engineering ITEA2 Project #1 101 1
[10] Kosmowski K. T., Safety Integrity Verification Issues of the Control
Systems for Industrial Power Plants, Advanced Solutions in
Diagnostics and Fault Tolerant Control, Springer International
Publishing AG 420 (2017)
[11] ISO 14001:2015, Environmental management systems —
Requirements with guidance for use.
[12] Kharchenko V., Dotsenko S., Illiashenko O., Kamenskyi S.,
"Integrated Cyber Safety & Security Management System: Industry
4.0 Issue" 2019 10th International Conference on Dependable
Systems, Services and Technologies (DESSERT), Leeds, United
Kingdom, 2019, P. 197-201.
[13] Dotsenko S., Illiashenko O., Kamenskyi S., Kharchenko V.
"Integrated Security Management System for Enterprises in Industry
4.0", Information & Security: An International Journal 43, no. 3
(2019), P. 294-304.
[14] ISO 19439:2006 Enterprise integration — Framework for enterprise
modeling (IDT).
[15] PAS 99: Publicly Available Specification for Common Management
Systems.
[16] Resolution of the Cabinet of Ministers of Ukraine from December 05,
2007 No. 1376 “On Approval of the State Target Environmental
Program for Environmental Monitoring”
[17] Resolution of the Cabinet of Ministers of Ukraine of August 28, 2013
No. 808 “On approving the list of activities and objects posing an
increased environmental hazard”
[18] RD 52.04.186 - 89 "Guidelines for the control of atmospheric
pollution" (the validity of the document was extended by the Order of
the SES of Ukraine №473 from 31.08.2017)
[19] Dmitrieva O., Palaguta O. (Eds.) et.al, Development of a draft
methodology for monitoring the impact on environmental objects of
enterprises of high environmental risk in agglomerations: report on
Scientific and Research Work (final), Scientific Institution "Ukrainian
Research Institute of Environmental Problems", Kharkiv, 2018. P.
476.
[20] Kharchenko V., Illiashenko O. (2017) Concepts of Green IT
Engineering: Taxonomy, Principles and Implementation. In:
Kharchenko V., Kondratenko Y., Kacprzyk J. (eds) Green IT
Engineering: Concepts, Models, Complex Systems Architectures.
Studies in Systems, Decision and Control, Springer, Cham, Vol. 74.
pp. 3-19
[21] Potii O., Illiashenko O., Komin D. (2015) Advanced Security
Assurance Case Based on ISO/IEC 15408. In: Zamojski W.,
Mazurkiewicz J., Sugier J., Walkowiak T., Kacprzyk J. (eds) Theory
and Engineering of Complex Systems and Dependability. DepCoS-
RELCOMEX 2015. Advances in Intelligent Systems and Computing,
Springer, Cham, Vol. 365, pp. 391-401.