How Bad Industrial Cybersecurity degrades Functional Safety to being ineffective

Functional Safety and Industrial Cybersecurity- what’s the connection?

In this short explanatory white paper, we discuss how a bad Industrial Cybersecurity posture can degrade Functional Safety until it is almost ineffective in protecting assets, people and the environment. Proper Industrial Cybersecurity is thus a prerequisite for proper Functional Safety.

What is Functional Safety all about?

Functional Safety is a specialized domain within the Safety world, which deals with using active systems for achieving safety. An active system is one which depends on sensors to sense conditions, takes action based on a predefined logic (logic solving) and acts via final elements such as actuated valves to ensure that the equipment or process remains in the safe state. As you can guess, functional safety deals with using automated systems for ensuring safety.

Note: If you are new to Functional Safety then please read this white paper on “What is Functional Safety“.

Also you may refer to the earlier guide on What is a Safety Function and What is a Safety Instrumented System here.

Core principles of Functional Safety

Functional Safety is ensured when the reliability of the automated safety function or safety instrumented system is ensured. Every time there is a demand on the system, the safety system should work correctly.

What do we mean by Demand?

Every time that things go out of the normal range, the safety system is called upon to act and save the plant or equipment from disaster. This is known as a demand on the safety system. For example, if you are operating a piece of equipment and something unusual happens, you can push the Emergency Stop button on it to bring it to a safe state (shut it down safely).


Probability of Failure on Demand (PFD)

You expect that the Emergency Stop will work (almost) every time you push it and bring the machine or plant to a safe state. In other words, it is reliable and has a very low Probability of Failure on Demand.

What affects the reliability of a Safety System?

In the Functional Safety domain, the reliability of the Safety System is thought to be based on mainly two factors:

1. Random Hardware Failures, and
2. Systematic Failures.

Random hardware failures are just that: random. A resistor may short out in a PLC's electronic circuitry, or a mechanical link in a valve actuator may break. Random hardware failures can be addressed by certain measures to reduce failures. The reliability of the safety function is captured in the term “Safety Integrity Level” (SIL for short). The higher the SIL, the greater the reliability of the Safety Function and the lower the chance of an accident.

Systematic failures are the result of systematic problems due to poor management, for example using the wrong specification sheet or writing defective software. Systematic failures can be addressed by using measures to avoid failures. This is captured by the parameter “Systematic Capability” (SC for short). The higher the systematic capability, the lower the probability of a failure due to systematic errors.

Both types of failure are considered to be not deliberate.

The IEC 61508 Functional Safety standard

IEC stands for the International Electrotechnical Commission, of which major industrialized countries are members. The primary standard that deals with Functional Safety is the IEC 61508 standard and it has several parts.

There are several industry versions of this main standard. For example, the IEC 61511 standard is the Process Industry version, the IEC 62061 standard is the Machinery Industry version for Functional Safety, and the ISO 26262 standard is the Automotive industry implementation of the standard.

The standards list these measures in detail. Following them should give you a robust Safety Instrumented System.

Thus, if both types of failures are addressed by the system designer as well as by the owner/operator of the plant or machinery, one can be reasonably sure that the safety system will be almost 100% reliable. (Almost, because nothing can be 100% reliable: the best-designed equipment can fail, or systematic errors can creep in.) But one can be assured that if we follow the core principles of functional safety, our safety system will function well.

Malicious Failures

The above measures work only for non-malicious failures. They do not work if there is sabotage.


The assumption all along, even among functional safety experts, was that it was very hard (almost impossible) for any malicious actor to attack an SIS. This was true maybe a decade back, but now SIS are being cyber attacked and can be disabled remotely, with the potential to cause a big disaster.

TRITON attack

This was amply demonstrated recently when the TRICONEX Safety Logic Solver, which was part of the Safety Instrumented System at a Saudi Arabian petrochemical plant, was cyber attacked. Luckily, the attack was discovered while being carried out and the plant was brought to a safe shutdown by alert operators and engineers.

If not noticed in time, it could have resulted in a disaster.

Lessons Learnt

The principles of Functional Safety hold true only if the Safety Instrumented System is secure from cyber attacks. If you are involved in Functional Safety in any way, whether as a design engineer working on a new Safety Instrumented System or as a maintenance engineer tasked with keeping the BPCS (Basic Process Control System) and the SIS (Safety Instrumented System) running well, both to control the plant and to prevent a disaster in case of abnormal conditions, then you MUST first ensure that both your BPCS and SIS are secure against cyber attacks.
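The lesson can be put in numbers. The Python sketch below is an added illustration, not part of the original white paper: it combines the IEC 61508 low-demand SIL bands and the common simplified single-channel approximation PFDavg ≈ λDU × TI / 2 with an assumed availability-style model for an undetected compromise. The failure rate, compromise rate and detection time are constructed sample values, and all function names are hypothetical.

```python
HOURS_PER_YEAR = 8760.0

# IEC 61508 low-demand mode: SIL n requires 10^-(n+1) <= PFDavg < 10^-n.
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


def sil_from_pfd(pfd_avg):
    """Return the SIL band a PFDavg falls in (0 means no SIL can be claimed)."""
    if pfd_avg < 1e-5:
        return 4  # better than the SIL 4 band; SIL 4 is the highest level
    for sil, low, high in SIL_BANDS:
        if low <= pfd_avg < high:
            return sil
    return 0


def pfd_random_1oo1(lambda_du_per_hour, proof_test_interval_hours):
    """Simplified 1oo1 PFDavg from dangerous undetected random hardware failures."""
    return lambda_du_per_hour * proof_test_interval_hours / 2.0


def fraction_of_time_disabled(compromises_per_year, days_undetected):
    """Assumed model: average share of time the SIS sits in a tampered state."""
    return min(1.0, compromises_per_year * days_undetected / 365.0)


def effective_pfd(pfd_random, p_disabled):
    """The function fails on demand if the hardware has failed OR it is disabled.
    Independence is assumed, which is optimistic for a deliberate act."""
    return 1.0 - (1.0 - pfd_random) * (1.0 - p_disabled)


def compare(lambda_du, ti_hours, compromises_per_year, days_undetected):
    """Designed (random failures only) versus effective (with compromise) figures."""
    designed = pfd_random_1oo1(lambda_du, ti_hours)
    p_dis = fraction_of_time_disabled(compromises_per_year, days_undetected)
    actual = effective_pfd(designed, p_dis)
    return {"designed_pfd": designed, "designed_sil": sil_from_pfd(designed),
            "effective_pfd": actual, "effective_sil": sil_from_pfd(actual)}


if __name__ == "__main__":
    # Constructed sample: lambda_DU = 2e-7 per hour, yearly proof test,
    # one compromise per 20 years on average, 30 days before it is noticed.
    print(compare(2e-7, HOURS_PER_YEAR, 0.05, 30))
    # Same hardware, but the safety system stays disabled all year.
    print(compare(2e-7, HOURS_PER_YEAR, 1.0, 365))
```

With these sample values the hardware alone sits in the SIL 3 band, a rare and fairly quickly detected compromise pulls the function down to SIL 2, and a safety system that stays disabled supports no SIL claim at all.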

Cybersecurity clauses in IEC 61508 and IEC 62443

There are several clauses in IEC 61508 that talk about security of the SIS. This is covered in detail in our Functional Safety training course and Safety Instrumented Systems training course.

IEC 61508 also refers to IEC 62443, which is another set of standards related to Industrial cyber security.

Note: You may have come across the term OT. This is short for Operational Technology, which means the systems that you use, such as your BPCS (whether based on DCS, PLCs or a SCADA architecture) and your SIS. OT security is another term for Industrial Cybersecurity.

The term distinguishes it from IT security, which relates to protecting IT systems such as your ERP, MIS and similar systems from cyber attacks.

Note that OT security and IT security are completely different. Using IT security measures in OT systems is not recommended.

 

What can you do about this?

First of all, don’t be intimidated. If you know Industrial automation and Functional Safety well, you can also handle the Industrial Cybersecurity part, provided you get trained.

Free Industrial Cybersecurity Book

Get the Abhisam Quick Guide to OT Cybersecurity and IEC 62443 for free to get a quick introduction to Industrial Cybersecurity. Once you complete it, you can take higher level courses such as the Abhisam OT Cybersecurity Awareness Course, the Abhisam OT Cybersecurity Fundamentals course and the Certified Industrial Cybersecurity (CICP) course.

So the next step is to take the Abhisam CICP Course on Industrial Cybersecurity, not only to learn how to protect your control system and safety system from cyber attacks, but also to get certified as an Industrial Cybersecurity professional.


Going ahead, most companies will require that their employees are aware of the need to secure the SIS and can handle it. This certification will demonstrate to your employers and clients that you can do this.

So go ahead and take this course now. As of today this is the only course that is available for just $795 which is far less than what you would have to pay if you selected a different provider.

Course Bundles

If you wish to learn about Functional Safety as well as Industrial Cybersecurity then consider taking our Functional Safety & Cybersecurity Course bundle today. For this low price, you get access to 3 courses and 4 certifications. You can also pay in installments.

 

 

 
