Introduction to Safety Instrumented Systems (SISs)
Industrial control systems (ICSs) have become an increasingly pressing concern due to emerging cyber threats and the prevalence of legacy devices that lack the security to protect against modern threat vectors. Cyberattacks have struck assets of all sizes and verticals, bringing an end to the era of denial and myths about the security of industrial installations.
Safety instrumented systems (SISs) are considered the crown jewels and last layer of defense for many Critical Infrastructures (CIs) such as oil and gas, chemicals, power, manufacturing, and maritime to name a few.
For years, they have operated in isolation using technologies and protocols that were designed without security in mind and focusing primarily on operations conventional functional safety requirements that are not sufficient to protect against motivated, capable, and well-funded adversarial cyber threats.
Nowadays, modern process facilities are significantly interconnected due to the Information Technology (IT) and Operational Technology (OT) convergence, and the widespread adoption of Internet Protocol (IP) based technologies. Furthermore, access to vendor documentation and system specifications is no longer exclusive to a select group of asset owners, operators, and Original Equipment Manufacturers (OEMs). This renders an SIS increasingly vulnerable to cybersecurity attacks by adversaries seeking to manipulate or disrupt its operations.
The importance of cybersecurity for an SIS has only recently started to gain broader attention on C-suite agendas within organizations, primarily driven by the observation of a number of prominent cyber incidents and near-misses in recent years.
In this chapter, we’re going to cover the following main topics together:
- Understanding SIS
- What is ICS cybersecurity?
- Exploring relevant cybersecurity and functional safety standards
- Examining the safety and cybersecurity lifecycle
