Securing Industrial Control Systems and Safety Instrumented Systems: A practical guide for safeguarding mission and safety critical systems

Introduction to Safety Instrumented Systems (SISs)

Industrial control systems (ICSs) have become an increasingly pressing concern due to emerging cyber threats and the prevalence of legacy devices that lack the security to protect against modern threat vectors. Cyberattacks have struck assets of all sizes and verticals, bringing an end to the era of denial and myths about the security of industrial installations.

Safety instrumented systems (SISs) are considered the crown jewels and last layer of defense for many Critical Infrastructures (CIs) such as oil and gas, chemicals, power, manufacturing, and maritime to name a few.

For years, they have operated in isolation using technologies and protocols that were designed without security in mind, focusing primarily on operations and conventional functional safety requirements that are not sufficient to protect against motivated, capable, and well-funded adversarial cyber threats.

Nowadays, modern process facilities are significantly interconnected due to the Information Technology (IT) and Operational Technology (OT) convergence, and the widespread adoption of Internet Protocol (IP) based technologies. Furthermore, access to vendor documentation and system specifications is no longer exclusive to a select group of asset owners, operators, and Original Equipment Manufacturers (OEMs). This renders an SIS increasingly vulnerable to cybersecurity attacks by adversaries seeking to manipulate or disrupt its operations.

The importance of cybersecurity for an SIS has only recently started to gain broader attention on C-suite agendas within organizations, primarily driven by the observation of a number of prominent cyber incidents and near-misses in recent years.

In this chapter, we’re going to cover the following main topics together:

  • Understanding SIS
  • What is ICS cybersecurity?
  • Exploring relevant cybersecurity and functional safety standards
  • Examining the safety and cybersecurity lifecycle

Understanding SIS

The main goal of this chapter – and this book – is not to provide an extensive education on the engineering specifics of SISs, as many resources and publications already exist on this subject and have been available for some time. We will instead focus on what you need to understand about SISs within the context of cybersecurity, in order to allow you to grasp the ideas presented in this book without getting too caught up in the details.

SISs are deemed the most critical barrier of plant process safety and the last prevention layer against process hazards. Usually, when combined with other engineering and administrative controls, an SIS provides a comprehensive set of safeguards and a layered protection approach as part of a plant’s safety philosophy to control risk to As Low As Reasonably Practicable (ALARP) or As Low As Reasonably Achievable (ALARA), taking into account social and economic factors. However, these measures are separate from those of a Basic Process Control System (BPCS), which is used for process control. This is the key differentiator between an SIS and a BPCS.

According to the International Electrotechnical Commission (IEC) definition, SISs are built to achieve three key objectives:

  • To safely and gracefully (or partially) shut down a process when something goes wrong (i.e., a deviation from the norm)
  • To let a process run when safe conditions are met
  • To respond in a timely manner to prevent Emergency Shutdown (ESD), mitigate Fire and Gas (F&G), or minimize the consequences of a hazard

An SIS typically consists of multiple elements. It includes, but is not limited to, sensors or detectors to monitor process conditions, logic solvers or controllers to process input signals, final elements (such as valves or actuators) to perform operations, and communication networks that facilitate the exchange of information. These components work together to ensure that the process remains within safe operating limits and to initiate an appropriate response when a safety-critical situation arises.

SIS elements

As depicted in the following illustration, an SIS consists of three key elements:

Figure 1.1 – SIS elements


Let’s discuss them further:

  • Sensor: The sensors (or transmitters) are used to measure the process variable conditions and detect any hazardous conditions in the process.

    Here are some common types of SIS sensors used in process industries:

    • Pressure transmitters: Utilized to measure the pressure of gases or liquids in pipes or vessels
    • Temperature transmitters: Employed to gauge the temperature of liquids or gases in vessels or pipes
    • Level transmitters: Used to measure the level of liquid in tanks or vessels
    • Flow transmitters: Widely deployed to measure the velocity of liquids or gases in pipes
    • Gas detectors: Employed to ascertain the presence of hazardous gases in the environment, such as carbon monoxide and hydrogen sulfide
    • Flame detectors: Used to detect the presence of flames, such as those caused by a fire
    • Smoke detectors: Utilized to detect the presence of smoke, which can indicate the presence of a fire
    • Motion sensors: Used to detect the movement of equipment or materials in a process, and can help to identify potential hazards or abnormal conditions
  • Logic solver: The logic solver is essentially the CPU of the SIS that receives input signals, applies safety logic, and generates output signals to control devices such as valves and actuators. It processes data and makes decisions to ensure the safe operation of a process or industrial plant.
  • Final element: The final element of an SIS is a physical device such as an on/off valve or actuator. It receives output signals from the logic solver and executes the necessary actions to maintain the safety of the plant.

A safety function is part of a system that can have several subsystems and elements:

Figure 1.2 – Example of a system and subsystems


Like any complex system, an SIS can experience failures. There are several types of failures that can occur in an SIS, including the following:

  • Random hardware failures: These are spontaneous failures at random times, which result from one or more possible degradation mechanisms in the hardware – for example, the aging of electronic components, mechanical failure of relays or solenoids, and so on.
  • Software failures: SISs typically rely on software to perform complex calculations, monitor process data, and control final elements. Software failures can occur due to programming errors, memory leaks, or other issues.
  • Systematic failures: These are when a pre-existing fault occurs under particular conditions and can only be eliminated by removing that fault by modification of the design, process, procedures, documentation, or other relevant factors.

    Examples of systematic failures include a hidden fault in the design or implementation of software or hardware, or an error in the design specifications, user manuals, procedures, or security operational procedures (SOPs). They can occur in any lifecycle phase activity.

  • Configuration errors: SISs must be carefully configured to ensure that they perform their intended functions correctly. Configuration errors can occur due to human error, deviations or derogations, misinterpretation of specifications, or as a result of changes made to the system that are not properly tested.
  • Environmental factors: SISs can be impacted by environmental factors such as temperature, humidity, and vibration. For example, extreme temperatures can cause electronic components to malfunction, and vibrations can cause wires or other connections to become loose.
  • Cybersecurity threats: SISs are increasingly integrated with a BPCS, which increases their attack surface and makes them more susceptible to cyber risks. This can affect both process integrity and system availability.

An SIS can operate in four distinct states, defined by the state of the I/O signals originating from the system, as presented in the following table:

| SIS state    | Process status                                                         |
| ------------ | ---------------------------------------------------------------------- |
| OK           | Process is available                                                   |
| Safe         | Process has tripped                                                    |
| Dangerous    | Process is available but not protected                                 |
| Intermediate | Process is available and SIS is available, but it is time to repair it |

Table 1.1 – Different SIS states
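As an added example (not code from the book or from any SIS vendor), the following toy logic solver ties the three SIS elements together for a single high-pressure trip function and derives the four states of Table 1.1 from its I/O signals. The three-channel input, the 12 bar setpoint, the majority-vote safety logic and the diagnostic model are assumptions made for illustration; the point it demonstrates is that a process can be "available but not protected" when the SIS has lost its ability to detect a demand, which is why the Dangerous state matters far more than a trip does.

```python
"""Added example: toy logic solver for one high-pressure SIF, mapping
I/O signals to the SIS states of Table 1.1. All parameters are assumptions."""
from dataclasses import dataclass
from enum import Enum


class SisState(Enum):
    OK = "process is available"
    SAFE = "process has tripped"
    DANGEROUS = "process is available but not protected"
    INTERMEDIATE = "process and SIS available, repair required"


@dataclass(frozen=True)
class Channel:
    """One pressure-transmitter input to the logic solver (sensor element)."""
    value_bar: float   # measured process pressure
    healthy: bool      # outcome of the logic solver's input diagnostics


TRIP_SETPOINT_BAR = 12.0  # assumed high-pressure trip limit for this SIF


def trip_demanded(channels):
    """Safety logic: a trip is demanded when a majority of the *healthy*
    channels read at or above the setpoint (assumed voting scheme)."""
    healthy = [c for c in channels if c.healthy]
    if not healthy:
        return False   # no usable measurement: a real demand goes undetected
    votes = sum(c.value_bar >= TRIP_SETPOINT_BAR for c in healthy)
    return votes * 2 > len(healthy)


def final_element_command(channels):
    """Output signal to the final element (shutdown valve): True means 'close'."""
    return trip_demanded(channels)


def sis_state(channels):
    """Derive the Table 1.1 state from the logic solver's I/O signals."""
    if final_element_command(channels):
        return SisState.SAFE
    healthy = sum(1 for c in channels if c.healthy)
    if healthy == 0:
        return SisState.DANGEROUS       # process runs on, SIS blind to a demand
    if healthy < len(channels):
        return SisState.INTERMEDIATE    # still protecting, but degraded: repair due
    return SisState.OK


# Constructed sample readings (not real plant data)
NORMAL = (Channel(10.1, True), Channel(10.0, True), Channel(10.2, True))
OVERPRESSURE = (Channel(13.0, True), Channel(13.4, True), Channel(9.0, True))
DEGRADED = (Channel(10.1, True), Channel(10.0, False), Channel(10.2, True))
BLIND = (Channel(15.0, False), Channel(15.2, False), Channel(14.9, False))

if __name__ == "__main__":
    for name, ch in [("normal", NORMAL), ("overpressure", OVERPRESSURE),
                     ("degraded", DEGRADED), ("blind", BLIND)]:
        print(f"{name:13s} valve_close={final_element_command(ch)!s:5s} "
              f"state={sis_state(ch).name}")
```

The BLIND case is the one a security engineer should study: the process pressure is well above the setpoint, but because every channel's diagnostics report a fault, the solver never commands the valve, so the plant keeps running unprotected. Diagnostics that distinguish Intermediate from Dangerous are what turn a silent loss of protection into a maintenance demand.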

Important note – deviations and derogations

Deviations typically refer to a departure from the standard performance or prescribed procedures of a system. In functional safety, for instance, a deviation could denote a failure in a safety function or system, resulting in the system not performing as intended. Such deviations could be due to individual component failures, system errors, or security weaknesses. Addressing these deviations necessitates investigating the root cause and devising corrective measures to bring the system back to its standard operating condition. In terms of cybersecurity, deviations could represent any unexpected or irregular activities that could potentially signify a breach or vulnerability that requires immediate investigation and remediation.

Derogations, on the other hand, represent a formal exemption from a standard or regulation. In the arena of ICS cybersecurity, derogations are often granted when it is impractical to adhere strictly to the standard or when alternative measures provide an equal or higher level of security. Typically, such derogations must be securely controlled, justified properly, and approved by relevant authority figures, ensuring they don’t compromise the overall integrity of the system. It’s important to note that derogations are not shortcuts or loopholes but are considered flexibilities within the regulatory framework, provided they don’t compromise the objective of the standard.

Both deviations and derogations hold immense significance for an ICS’s functional safety and cybersecurity. While managing deviations involves identifying, analyzing, and remediating unexpected occurrences, handling derogations involves ensuring any exemptions from standards maintain the requisite level of safety and security.

BPCS versus SIS

SISs are primarily designed to track and sustain the safety of the process and are typically passive and dormant for long periods of time. SISs wait to respond to system demands only when necessary. They use Safety Instrumented Functions (SIFs) to execute specific safety-related tasks such as Emergency Shutdown (ESD) and Fire and Gas (F&G).

Maintenance and diagnostics are essential in SISs to confirm that the system is functioning properly and reduce the need for manual tests. All SIS modifications after installation require strict compliance with the Management of Change (MoC) processes, as even the slightest alteration can have a significant impact.

On the other hand, BPCSs are very dynamic in nature with numerous changes. A BPCS provides oversight over the process with a range of digital and analog inputs and outputs that respond to logic functions, making it easier to detect any malfunctions or failures. However, these systems require frequent changes to ensure accurate process control. BPCSs typically consist of hardware and software components, including sensors, controllers, Human-Machine Interfaces (HMIs), and communication networks. BPCSs often use open standard protocols, such as Modbus and OPC, to communicate with other devices in the plant.

The following figure illustrates the typical components of a BPCS and an SIS and how they interact from a process perspective:

Figure 1.3 – BPCS versus SIS


SIS and BPCS have many similarities, yet their differences lead to different design, maintenance, and integrity requirements.

The implementation of cybersecurity for these systems varies significantly, yet both are susceptible to various threats, including malware, hacking, zero-days, Man-in-the-Middle (MitM) attacks, and human errors. Nevertheless, the ramifications of a successful SIS breach can be more severe than in BPCSs, as SISs are responsible for protecting the plant and its personnel from hazardous events. A compromised SIS can lead to the failure of safety functions and potentially catastrophic consequences, such as fires, explosions, and toxic releases. We will explore this further in the next chapter.

SIS applications – where are they used?

SISs are of paramount importance when it comes to protecting process safety. Process plants are beneficial as they can transform raw materials and ingredients into tangible products and goods as part of a complex supply chain. Unfortunately, the techniques used to conduct this conversion can trigger dangerous conditions that, if not efficiently controlled and properly contained, might cause major incidents or top events. Hazardous conditions may be present when dealing with combustible materials such as solids, liquids, gases, vapors, and dust.

In addition, administrative controls and safeguards should be used to address the control of risk.

SISs are deployed for many purposes in petrochemical facilities and pipelines and for other industry-specific needs. Examples of these systems include the following:

  • ESD: This is a specialized form of control system, created to provide an extra layer of safety for high-risk areas such as oil and gas, nuclear power, and other potentially hazardous environments. Primarily, these systems serve to protect both personnel and the environment if process parameters exceed acceptable levels. By minimizing the potential damage from emergency scenarios such as uncontrolled flooding, the escape of hydrocarbons, and fire outbreaks, ESD systems provide an invaluable service.

    The following screenshot presents an example of an ESD system and its components:

Figure 1.4 – ESD system


    The main purpose of ESD can be summarized as follows:

    • ESD systems detect unsafe conditions and initiate a shutdown of the process to prevent potentially hazardous situations.
    • ESD systems are equipped with sensors that monitor process parameters such as pressure, temperature, level, and flow. If any of these parameters exceed a predetermined limit, the system will initiate a shutdown of the process.
    • ESD systems can also be used to activate safety alarms or to stop certain components of the process. This ensures that safety is maintained and potential hazards are avoided.
  • High-Integrity Protection Systems (HIPSs): HIPSs are deployed to prevent Process Shutdown (PSD) from being affected by any of the destructive factors of overpressure, elevated temperatures, and high-level events. The valves in the HIPS are closed decisively to make the production line secure: one set of triggers (the sensors) records the observed process conditions, the logic solver (controller) processes the data, and a few final elements take the safeguarding action by cutting down or stopping the pumps, using valves, actuated pumps, or circuit breakers that perform the closing (shutdown) operation.

    The HIPS serves as the ultimate protection system for the process and often eliminates the need for pressure relief, thereby protecting the environment and mitigating the risks linked to manual handling errors. It also tempers the overconfidence (high level of trust) that engineers might sometimes place in Distributed Control Systems (DCSs) and ESD systems.

    Some of the most popular deployments of HIPSs include, but are not restricted to, the following:

    • High-integrity pressure protection systems
    • High-integrity temperature protection systems
    • High-integrity level protection systems
    • HIPS interlock systems

    The following illustration depicts a typical HIPS deployment for a subsea field environment:

Figure 1.5 – HIPS


  • Burner Management System (BMS): This is typically employed to ensure the safe ignition and operation of industrial burners, as well as their shutdown when required. This system can be found in many process industries, including oil and gas, power generation, manufacturing, and chemicals, that rely on flame-operated equipment such as furnaces, boilers, and the like. The system is able to keep track of flames with flame detectors, as well as manage igniters, burners, and other actuators such as shut-off valves.

    The majority of BMSs are designed with the aim of providing protection against potentially hazardous operating conditions and the admission of fuel that is not suitable. A BMS gives the user important status information and support, while additionally, if there is a hazardous condition, it can initiate a safe operating condition or a shutdown interlock.

    According to the National Fire Protection Association (NFPA) 85 Boiler and Combustion Systems Hazards Code, a BMS is a control system that is devoted to boiler furnace safety and operator support. This system assures the safe and efficient working of the boiler, thereby contributing to the safety of the facility as a whole.

    The chance of fire and other hazards increases significantly without a BMS in place. Organizations nowadays implement the BMS as part of the SIS to increase safety and system availability, as well as to remain compliant with sector regulations and the latest industry best practices.

    Figure 1.6 illustrates an example of a BMS and its various elements:

Figure 1.6 – BMS


A list of BMS components, including their functions, can be found in the following table:

| Component            | Function                                                                                                                                                                    |
| -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Burner               | This is where a combination of fuel, oil, and/or gas is mixed with air and ignited to create heat. The process of combustion takes place in multiple burners of large heaters. |
| FC (flow controller) | This is used to monitor and control the fuel valves and ignitors of the BMS following a sequence that includes processes such as purging, ignition, operation, and shutdown.  |
| Flame detector       | This device is used to monitor the absence or presence of a flame and deploy a specific signal to detect it.                                                                |
| Valves               | Their primary function is to control and shut off the flow of substances (oil, gas, etc.) into the fuel system.                                                             |

Table 1.2 – BMS components and functions
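To make the purge, ignition, operation and shutdown sequence of Table 1.2 concrete, here is an added example (not from the book, not based on any vendor's BMS) of a toy sequencer in which the flame detector and the fuel shut-off valves act as interlocks. The 30-second purge, the 10-second trial for ignition and the single start permissive are assumptions; a real BMS built to NFPA 85 has many more permissives and timers. What the example shows is that every hazardous condition the sequencer can detect (flame where there should be none, no flame when fuel is admitted, flame failure in operation) ends in the same place: fuel valves closed and the sequence locked out until an operator restarts it.

```python
"""Added example: toy Burner Management System sequencer with flame-detector
and fuel-valve interlocks. Timings and permissives are assumptions."""
from enum import Enum


class Step(Enum):
    IDLE = "idle"
    PURGE = "purge"
    IGNITION = "ignition"
    OPERATION = "operation"
    SHUTDOWN = "shutdown"


class BurnerManagementSystem:
    PURGE_SECONDS = 30                # assumed pre-purge time before admitting fuel
    TRIAL_FOR_IGNITION_SECONDS = 10   # assumed time allowed to establish a flame

    def __init__(self):
        self.step = Step.IDLE
        self.fuel_valve_open = False  # safety shut-off valves on the fuel line
        self.igniter_on = False
        self.elapsed = 0
        self.events = []              # status information shown to the operator

    def _log(self, message):
        self.events.append(f"{self.step.value}: {message}")

    def start(self, permissives_ok):
        """Begin the sequence only from IDLE and only when start permissives are met."""
        if self.step is not Step.IDLE or not permissives_ok:
            self._log("start refused")
            return False
        self.step = Step.PURGE
        self.elapsed = 0
        self._log("purge started, fuel valves closed")
        return True

    def _shutdown(self, reason):
        """Shutdown interlock: remove fuel and ignition energy, then lock out."""
        self.fuel_valve_open = False
        self.igniter_on = False
        self.step = Step.SHUTDOWN
        self._log(f"shutdown interlock: {reason}")

    def tick(self, seconds, flame_detected):
        """Advance the sequence by `seconds` given the flame detector's signal."""
        self.elapsed += seconds
        if self.step is Step.PURGE:
            if flame_detected:
                self._shutdown("flame seen during purge")   # fuel should be absent
            elif self.elapsed >= self.PURGE_SECONDS:
                self.step = Step.IGNITION
                self.elapsed = 0
                self.igniter_on = True
                self.fuel_valve_open = True
                self._log("trial for ignition, fuel admitted")
        elif self.step is Step.IGNITION:
            if flame_detected:
                self.step = Step.OPERATION
                self.igniter_on = False
                self._log("flame established")
            elif self.elapsed >= self.TRIAL_FOR_IGNITION_SECONDS:
                self._shutdown("no flame within trial-for-ignition time")
        elif self.step is Step.OPERATION:
            if not flame_detected:
                self._shutdown("flame failure")
        return self.step


def run_flame_failure_scenario():
    """Constructed scenario: normal light-off, then flame loss in operation."""
    bms = BurnerManagementSystem()
    bms.start(permissives_ok=True)
    bms.tick(30, flame_detected=False)   # purge completes, fuel admitted
    bms.tick(2, flame_detected=True)     # flame established
    bms.tick(60, flame_detected=False)   # flame lost -> fuel cut, locked out
    return bms


if __name__ == "__main__":
    for line in run_flame_failure_scenario().events:
        print(line)
```

Note that `SHUTDOWN` has no transition out of it inside `tick`; returning to `IDLE` is deliberately left to a separate, operator-initiated reset so that a flame-failure lockout cannot clear itself, which is the behaviour a safe-state interlock is expected to have.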

It is no surprise that SISs play an essential role within process industries in guaranteeing the safety and dependability of critical operations. A few examples of where an SIS is required to aid in the safeguarding of people, equipment, and the wider environment include the following:

  • Process safety in the chemical industry: The use of SIS in the chemical industry can be focused on Health, Safety, and Environmental (HSE) considerations, and mitigating the consequences of a major accident. For example, an SIS can be used to automatically shut down a process if a critical parameter exceeds a predetermined limit, thereby preventing a catastrophic incident.
  • Power generation: An SIS can be used in power generation plants to protect critical equipment and processes, such as turbines, boilers, and generators. For example, an SIS can be used to automatically shut down a turbine or generator in the event of an abnormal condition, such as low oil pressure or high temperature, to prevent damage to the equipment and ensure safe operation.
  • Transportation safety: An SIS can be used in transportation systems, such as railways and pipelines, to detect and mitigate hazardous conditions. For example, an SIS can be used to automatically apply the brakes on a train if it exceeds a certain speed limit or if it encounters an obstacle on the track, thereby preventing a potential collision.
  • Offshore oil and gas production: An SIS can be implemented in oil and gas environments – including oil fields and offshore platforms – to protect personnel as well as assets from the hazards of explosive gases, fire, and other risks associated with the production process. For example, an SIS can be used to automatically shut down production in the event of a leakage of gas or fire to prevent an explosion or other catastrophic event.

In the next section, we will examine ICS cybersecurity as a new discipline in detail. We will also explore how the IT and engineering communities perceive ICS cybersecurity in their respective fields.

What is ICS cybersecurity?

The term ICS is used in a broad sense to refer to programmable-based devices that are used to control, monitor, supervise, automate, or interact with assets used in continuous, discrete, and hybrid processes in manufacturing, infrastructure, and other commercial and industrial sectors.

At its heart, ICS cybersecurity is about both protecting industrial assets and recovering from system upsets that occur from electronic communications between systems, or between systems and people.

An ICS includes various components, such as the following:

  • Distributed Control Systems (DCS)
  • SIS
  • HMIs
  • Historians
  • Supervisory Control And Data Acquisition (SCADA)
  • Programmable Logic Controllers (PLCs)
  • Remote Terminal Units (RTUs)
  • Intelligent Electronic Devices (IEDs)
  • Power Monitoring Systems (PMSs)
  • Protection relays
  • F&G
  • ESD
  • PSD
  • BMS
  • Building Control Management Systems (BCMSs)
  • Electrical Network Monitoring Control Systems (ENMCSs)
  • Alarm management systems
  • Intelligent Asset Management Systems (IAMSs)
  • Sensors and transmitters
  • Valves
  • Drives, converters, and so on

Establishing a secure baseline for an ICS can be a complex and wide-reaching process as this can cover software, hardware, and communications interfaces. These hardening parameters need to be defined, at the very minimum level, by the following:

  • OS security
  • Endpoint security
  • Embedded device security
  • Application software security
  • Network security
  • Access control (physical and logical)
  • Anti-malware
  • Security monitoring

Despite certain common attributes, ICS differs from the traditional IT systems that are widely deployed in office and enterprise networks. Historically, ICS implementations were heavily reliant on physical security and lacked interconnection with IT networks and the internet. However, as the trend toward ICS intertwining with IT networks intensifies, this creates a greater need to secure these systems from remote, external threats as well as against adversary and non-adversary threats such as disgruntled employees, malicious intruders, and malicious or accidental actions taken by insiders.

In relation to the CIA information security model (Confidentiality, Integrity, Availability), availability and integrity are given precedence over confidentiality for ICS. The ICS security model is therefore often referred to as an AIC model. In the meantime, reliability and safety remain the top priority!

The following figure compares the priorities of the ICS security model with the IT information security model:

Figure 1.7 – An ICS versus an IT model


Let’s have a closer look at the definition of each element of the (S)AIC triad:

  • Safety: The assurance of freedom from unacceptable risk.
  • Availability: The ability of a system or asset to be accessed and used by an authorized user when required.
  • Integrity: The assurance that a system or asset is accurate and complete. It also refers to the assurance that the system or asset can only be modified by an authorized user.
  • Confidentiality: The assurance that a system or asset is only accessible to an authorized user and is kept secure from unauthorized access. It also refers to the assurance that information within the system or asset is only accessible to an authorized user.

The increasing convergence of business and plant floor systems, emerging standards such as the International Society of Automation’s ISA/IEC-62443 and the National Institute of Standards and Technology’s NIST 800-82 series, and emerging regulatory requirements in a number of countries, all point toward a growing awareness of the susceptibility of the modern industrial process to cybersecurity threats.

Considering the potentially dangerous safety consequences that can occur as a result of these failures, today’s plants need to clearly understand the actual risks – and how best to mitigate these risks – in order to maintain safe and reliable operations.

The potential implications of ICS security breaches encompass a wide range of damaging consequences that might include, but are not limited to, asset, financial, environmental, and reputational damage:

  • Compromise and unauthorized disclosure of confidential data to the public
  • Tampering with system reliability or with the integrity of process data and production information
  • Loss of View (LoV) and Loss of Control (LoC)
  • Process abuse and corruption that could bring about degraded process efficiency, poor product quality, diminished manufacturing capability, impaired process safety, or environmental release
  • Damage to assets
  • Health implications including injuries and fatalities
  • Damaged reputation and loss of public trust
  • Breach of contractual and regulatory obligations (to clients, partners, and regulators)
  • Impact on national security and critical infrastructures

The following consequences have already occurred within ICS installations including SIS:

  • Manipulation of process data or setpoints
  • Unauthorized changes to commands or alarm thresholds
  • Erroneous information being passed on to operators (loss or manipulation of view)
  • Software or settings being tampered with and interference with safety systems, all of which could have far-reaching and potentially fatal consequences

How do IT and engineering communities perceive ICS cybersecurity?

The IT and engineering communities are increasingly aware of the need for ICS cybersecurity. As ICS become ever more connected and automated, they also open themselves up to greater risk of cyberattacks. To address this, both communities are now developing a range of solutions and working closely to protect these systems from emerging threats.

While both communities view ICS cybersecurity from different angles and perspectives – due in large part to the historical gap that exists between IT and ICS as well as differing priorities – they have come to recognize the need to bridge the gap in order to tackle the increasing challenges facing industrial facilities. As a result, a new discipline has emerged that combines the best of both engineering and cybersecurity practices.

For example, engineers are typically more focused on the physical process of an ICS, such as the hardware and software, while IT professionals are more concerned with the network and data security aspects.

A more comprehensive approach to ICS cybersecurity can be achieved by combining both engineering and IT practices. This includes both the physical and the digital components of the system to ensure that the assets are secure from cyber threats.

The following sections will dive into the distinct aspects of international standards for cybersecurity and safety.

Exploring relevant cybersecurity and functional safety standards

Industry associations and governments have established various cybersecurity and functional safety standards in recent years, providing mandatory guidance and regulations for compliance. Furthermore, these standards are regarded as industry best practices for ensuring the safety and reliability of numerous process industries.

Because these standards are issued by the IEC, many countries have superseded their own national requirements and implemented these standards instead. This has provided substantial operational leverage for businesses with operations in multiple countries, as the global standards allow a single standard to be applied throughout the organization.

This section will provide an overview of SIS-applicable standards with a brief description of the relevant security controls. For other functional safety requirements not outlined here, we recommend that you review the applicable IEC standards.

The IEC provides two renowned, widely used functional safety standards – IEC 61508 and IEC 61511:

  • IEC 61508 is a general safety document from the IEC that provides an overarching framework for achieving functional safety in safety-related systems for many industries and applications. IEC 61508 is used as a foundation for sector-specific functional safety standards including IEC 61511, IEC 61513, ISO 26262, and IEC 62304.
  • IEC 61511 is a dedicated standard that is primarily focused on process industries and is based on IEC 61508.
  • IEC 62304 covers software safety classification, while ISO 26262 is about road vehicles’ functional safety.

The following diagram depicts the most widely used industry functional safety standards:

Figure 1.8 – Scope of IEC 61508 and IEC 61511


The scope of IEC 61508 and IEC 61511 can be described as follows:

  • IEC 61511 – Functional safety – Safety Instrumented Systems for the Process Industry Sector

    IEC 61511 is a global norm prescribing requirements and guidance for the formation, execution, and operation of SIS for the process industries with a spotlight on the end users. The standard encompasses the overall safety lifecycle of an SIS, including cybersecurity requirements as a part of functional safety and risk management as stipulated by IEC 61508.

    In terms of safety and cybersecurity intersection, the IEC 61511 standard (edition 2) was amended in 2016, with clause 8.2.4 outlining the need for conducting a cybersecurity risk assessment to determine the presence of any potential security weaknesses or vulnerabilities on the SIS. To this end, users of the IEC 61511 standard are directed to seek guidance related to SIS security from the IEC 62443 standards and ISA TR84.00.09.

    IEC 61511-1:2016 (edition 2, https://webstore.iec.ch/publication/24241), clause 8.2.4, mandates a thorough examination of security risks to pinpoint any vulnerabilities within the SIS. This assessment should encompass the following:

    • Defining the devices under scrutiny (including the SIS, BPCS, or any connected devices)
    • Identifying potential threats capable of exploiting vulnerabilities, leading to security breaches (ranging from deliberate attacks on hardware and software to inadvertent errors)
    • Assessing the potential repercussions of security breaches and estimating their likelihood
    • Addressing various project phases, including design, implementation, commissioning, operation, and maintenance
    • Determining any additional measures required to mitigate risks
    • Outlining the steps taken to mitigate or eliminate identified threats, or providing references to relevant information
  • IEC 61508 – Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems

    IEC 61508 is a series of functional safety standards that applies throughout the lifespan of Electrical, Electronic, and Programmable Electronic (E/E/PE) systems and products. It covers the parts of devices and equipment that perform automated safety functions; these components may include sensors, control logic, actuators, and microprocessors.

    The uniform technical approach mandated by IEC 61508 can be applied to all safety systems within the electronics and related software industries, regardless of sector. Not only does this horizontal standard target suppliers of safety systems but it can also be used to some extent by those that provide equipment for these safety systems. Furthermore, IEC 61508 sets out four different Safety Integrity Levels (SILs) to determine the success of a system in meeting its specified safety objectives. These SILs are dependent on the robust analysis of the potential risks and hazards of a device, as well as on the consequent likelihood and severity of any such hazard.

    Clause 7 of the standard, specifically titled Realization of the Safety Function, includes criteria for implementing safety functions in an SIS, as well as requirements and guidance for addressing cybersecurity risks. Therefore, although the IEC 61508 standard does not concentrate exclusively on cybersecurity, it does provide recommendations for mitigating cybersecurity risks in an SIS.

As for ICS cybersecurity, common ICS security-related standards include the following:

  • ISA/IEC 62443 – Security of Industrial Automation and Control Systems

    The IEC 62443 series provides a structured framework covering the security of Industrial Automation and Control Systems (IACSs), including SIS. This set of standards currently consists of 13 documents that address topics such as developing a proper IACS security program and system design requirements for securely integrating control systems. Additionally, ISA TR84.00.09 builds on the work of ISA99 for IEC 62443 and examines defensive measures to reduce the chance of a breach that may compromise the SIS’s performance. This technical report also furnishes criteria for warding off external and internal security threats and outlines ways to meet the requirements of IEC 61511.

    The following diagram provides an overview of the IEC 62443 standards series and key areas of focus:

Figure 1.9 – Structure of the IEC 62443 series

  • NIST 800-82 – Guide to Industrial Control Systems (ICSs) Security

    SP 800-82 from the National Institute of Standards and Technology provides guidance on enhancing the security of ICSs, including SCADA, DCS, and PLCs, while accounting for their varied specifications and safety prerequisites. It offers an overview of ICSs and their typical system layouts, pinpoints potential threats, and prescribes countermeasures to reduce the related risks, including for SIS. NIST 800-82 emphasizes the importance of risk management in ICS security by providing guidance on conducting risk assessments, identifying threats and vulnerabilities, and developing risk mitigation strategies.

  • NRC regulation 5.71 – Cyber Security Programs for Nuclear Power Reactors

    The US Nuclear Regulatory Commission’s 10 CFR 5.71 regulation stresses the significance of cyber defense in the architecture and running of systems that are safety-critical. It requires licensees to build and execute digital safety-related systems with the highest levels of assurance, making sure that they are resilient to cyber intrusions that could jeopardize their safety functions. This regulation also mandates licensees to put cybersecurity programs into place that incorporate certain measures to both manage cyber threats and maintain system dependability and consistency in the long run.

    Revision 1 of NRC regulation 5.71 provides required guidance on Defense-in-Depth (DiD) practices based on international standards such as the NIST 800 series and International Atomic Energy Agency (IAEA) cybersecurity guidance. This version provides insight into concerns raised from cybersecurity reviews, trends in the industry, emerging legislation, and disruptive technologies, as well as outreach programs including lessons learned from cybersecurity incidents.

  • NEI 08-09 – Cyber Security Plan for Nuclear Power Reactors

    NEI 08-09 is a high-level security plan (or strategy) with a layered architecture and a variety of security controls based on the NIST SP 800-82 and NIST SP 800-53 standards. This strategy ensures that systems and networks linked with safety-related operations are protected against cyberattacks that could potentially harm their mission-critical functions.

  • NERC CIP

    The North American Electric Reliability Council Critical Infrastructure Protection (NERC CIP) is a regulation to monitor, enforce, and manage the cybersecurity of the Bulk Electric System (BES) in North America. This set of standards is intended to identify and protect vulnerable assets that can influence the reliable supply of electricity throughout the continent’s BES. The CIP framework is designed to ensure the security of the CI.

    Requirements CIP-002-5.1a and CIP-005-6 under NERC CIP focus on identifying and protecting safety systems as part of cybersecurity management. These standards mandate that responsible organizations must recognize and record details of safety systems. These are described as systems and equipment that are essential for detecting, preventing, or mitigating scenarios that might cause significant disruptions or hinder the safe shutdown of the bulk electric system.

    Here is a high-level overview of these standards:

    • CIP-002-5.1a BES Cyber System Categorization: This categorizes BES cyber systems and their associated assets to tailor cybersecurity measures appropriately, based on the potential impact that damage, unauthorized access, or misuse could have on the BES’s reliability.
    • CIP-005-6 Electronic Security Perimeter: This defines a controlled boundary around networks where critical cyber assets are connected, controlling access to these networks. The goal is to regulate electronic access to BES cyber systems and establish a secure perimeter to prevent actions that could disrupt or destabilize the BES.
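To make the SIL concept from the IEC 61508 discussion concrete, here is an added example (not code from the book or from any standard) that checks whether a hypothetical 1oo1 high-pressure trip SIF meets its target SIL, using the IEC 61508 low-demand PFDavg bands and the simplified PFDavg = λDU·TI/2 approximation; the tag PSH-101, all failure rates and the function names are constructed assumptions. It goes a step beyond the text by also deriving the longest proof-test interval at which the loop still achieves its target.

```python
"""SIL verification for one safety instrumented function (SIF).

Added example, not code from the book or from any standard. It applies the
IEC 61508 low-demand PFDavg bands for SIL 1-4 to a hypothetical single-channel
(1oo1) loop with the simplified PFDavg ~= lambda_DU * TI / 2 approximation
(lambda_DU: dangerous undetected failure rate per hour; TI: proof-test
interval in hours). All failure rates and tags below are constructed values.
"""
from dataclasses import dataclass

HOURS_PER_YEAR = 8760.0

# IEC 61508 low-demand mode: (SIL, PFDavg lower bound incl., upper bound excl.)
SIL_BANDS = (
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
)


@dataclass(frozen=True)
class Sif:
    """Sensor, logic solver and final element of one SIF, each 1oo1."""
    name: str
    lambda_du_sensor: float  # dangerous undetected failures per hour
    lambda_du_logic: float
    lambda_du_final: float
    proof_test_interval_years: float
    target_sil: int


def pfd_avg_1oo1(lambda_du: float, ti_hours: float) -> float:
    """Simplified average probability of failure on demand of one channel."""
    return lambda_du * ti_hours / 2.0


def sif_pfd_avg(sif: Sif) -> float:
    """The loop fails if any subsystem fails, so the three PFDavg values add."""
    ti_hours = sif.proof_test_interval_years * HOURS_PER_YEAR
    rates = (sif.lambda_du_sensor, sif.lambda_du_logic, sif.lambda_du_final)
    return sum(pfd_avg_1oo1(rate, ti_hours) for rate in rates)


def sil_from_pfd(pfd_avg: float) -> int:
    """Map a PFDavg to its SIL band; 0 means no SIL can be claimed.

    Anything below 1e-5 is reported as SIL 4, the highest level defined.
    """
    if pfd_avg < 1e-5:
        return 4
    for sil, lower, upper in SIL_BANDS:
        if lower <= pfd_avg < upper:
            return sil
    return 0


def required_sil(risk_reduction_factor: float) -> int:
    """The analysis phase yields a required RRF; the SIL target follows from 1/RRF."""
    return sil_from_pfd(1.0 / risk_reduction_factor)


def verify_sif(sif: Sif) -> dict:
    """Answer the PSSR question 'has the SIL target been achieved?' for one SIF."""
    pfd_avg = sif_pfd_avg(sif)
    achieved = sil_from_pfd(pfd_avg)
    return {
        "name": sif.name,
        "pfd_avg": pfd_avg,
        "achieved_sil": achieved,
        "meets_target": achieved >= sif.target_sil,
    }


def max_proof_test_interval_years(sif: Sif) -> float:
    """Longest TI (years) at which the loop still stays in the target SIL band.

    From PFDavg = lambda_total * TI / 2 < upper bound of the target band; the
    bound is exclusive, so a TI exactly at this value already fails.
    """
    upper = {sil: hi for sil, _, hi in SIL_BANDS}[sif.target_sil]
    lambda_total = sif.lambda_du_sensor + sif.lambda_du_logic + sif.lambda_du_final
    return 2.0 * upper / lambda_total / HOURS_PER_YEAR


# Constructed SIF: a high-pressure trip (hypothetical tag and failure rates).
HP_TRIP = Sif("PSH-101 high-pressure trip", 1.0e-6, 5.0e-8, 1.5e-6, 1.0, 2)

# Note: this random-hardware-failure arithmetic says nothing about a logic
# change or bypass caused by a cyberattack; that is why IEC 61511 clause 8.2.4
# requires a separate cybersecurity risk assessment of the SIS.
if __name__ == "__main__":
    # Annual proof testing leaves the loop in SIL 1 although SIL 2 is required.
    print(verify_sif(HP_TRIP))
    # Shortening the proof-test interval (the 'predetermined intervals' of the
    # SLC) is one way to close the gap without changing hardware.
    print(f"max TI for SIL 2: {max_proof_test_interval_years(HP_TRIP):.2f} years")
    semiannual = Sif(HP_TRIP.name, HP_TRIP.lambda_du_sensor, HP_TRIP.lambda_du_logic,
                     HP_TRIP.lambda_du_final, 0.5, HP_TRIP.target_sil)
    print(verify_sif(semiannual))
```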

In the next section, we will discuss the various stages of the functional safety lifecycle as well as the high-level cybersecurity phases that are crucial to safety critical systems. We will also explore the common processes and methods that are used in each phase as well as their importance in ensuring safe operations.

Examining the safety and cybersecurity lifecycle

This section will cover the safety and cybersecurity lifecycle, exploring different functional safety phases as well as common practices to reduce risk.

Safety lifecycle

Recent safety standards pertaining to SIS are built around the core concept of the Safety Lifecycle (SLC). This engineering process is designed to ensure a comprehensive level of safety from analysis through implementation, including the operational and maintenance phases of the system. By following the SLC’s requirements, industrial automation systems can be relied on to reduce industrial process risk effectively.

In addition, the SLC offers the following baselines:

  • A routine, steady architecture for the definition, planning, establishment, and upkeep of an SIS
  • A solid foundation for Risk Assessment Methodology (RAM) techniques
  • An SIS management system, and the Key Performance Indicators (KPIs) expected of each safety instrumented function

The following diagram illustrates the required steps and phases that can be found as part of the SIS SLC:

Figure 1.10 – ISA-84.00.01-2004 SIS SLC

The preceding diagram provides a high-level overview of the SLC’s main phases that we will cover briefly here:

  • Analysis phase

    This phase systematically identifies hazards, assesses risks, and defines the safety requirements of the system in order to design and implement effective safety instrumented functions (SIFs) that can minimize the risks associated with the system.

    Furthermore, this phase also involves developing a safety concept and safety functions to determine the necessary safety integrity measures and reduce the risk of hazards to an acceptable level. In certain cases, hazards will be found to be within an acceptable range, so no further mitigation is required and no SIF is warranted. In other instances, a risk mitigation measure is needed, and the risk reduction it must deliver is expressed as its Safety Integrity Level (SIL).

  • Implementation phase

    Once the SIFs have been identified and documented, work can commence on the design. This includes the selection of suitable vendors for the sensor, logic solver, and final element, as well as the determination of whether to include redundancy for high safety integrity, to minimize false trips, or both. Subsequently, after the selection of products and their associated components, the design should be reviewed against the safety philosophy and any known constraints identified in the Safety Requirements Specification (SRS). As the SIS is designed to remain dormant under normal operation and act only on demand, it is essential that it be inspected and tested thoroughly at predetermined intervals.

  • Operation phase

    The operation phase is the final phase of the SIS functional SLC. During this phase, the SIS is fully operational and is used for its intended purpose. This phase includes activities such as the ongoing monitoring, maintenance, and verification of system effectiveness. The goals of this phase are to ensure that the SIS continues to perform its intended function and to identify and address any potential issues that could negatively impact safety. This phase is critical for maintaining the safety of the system and ensuring its continued reliability.

    If there are any modifications to be carried out, these must strictly follow the organization’s Management of Change (MoC) procedure, and a Stage 5 Functional Safety Assessment (FSA5) should be conducted. Regular audits must also be part of this essential lifecycle phase.

    As part of this phase, questions related to design and maintenance, the management of change processes, and so on must be addressed within the Pre-Startup Safety Review (PSSR). Examples of these questions include but are not limited to the following:

    • Does the system comply with all the specifications outlined in the SRS?
    • Have the SIL targets and Mean Time to Failure (MTTF) targets been achieved for all SIFs?
    • Are all the requirements of the SIS SLC being effectively completed?
    • Is all equipment configured in accordance with the manufacturer’s safety manual?
    • Has a Hazard and Risk Analysis (H&RA) been carried out and have any recommendations been implemented?
    • Have the recommendations from any Functional Safety Assessment (FSA) been resolved?
    • Has a cybersecurity evaluation been conducted?
    • Is there an established schedule for periodic inspections and tests for each SIF?
    • Have the maintenance procedures been established and validated?
    • Is there an established procedure for managing changes?
    • Is there a security patch management strategy enforced?
    • Are the operation and maintenance teams trained, certified, and qualified for the work?

    Only once the aforementioned questions have been addressed adequately can startup proceed and operation continue.

As depicted in Figure 1.9, the FSAs, as part of the management of functional safety and functional safety assessment and auditing, are conducted throughout the lifecycle phases:

  • FSA1: The aim of performing a Functional Safety Assessment (FSA1), once the analysis step has been concluded and the SRS has been created, is to detect any possible safety risks.
  • FSA2: Once the SIS’s detailed design and engineering have been finished, it is necessary to carry out a Functional Safety Assessment (FSA2).
  • FSA3: Prior to SIS startup and after installation, commissioning, and Site Acceptance Test (SAT), a systematic – and mandatory – SIL validation shall be conducted to fulfill functional safety standard requirements.
  • FSA4: System operation and maintenance must be conducted by personnel who are qualified and have demonstrable experience from past projects.

    This is an essential requirement. Regular Stage 4 Functional Safety Assessments (FSA4s) must be performed to verify the following:

    • The alignment of ongoing activities with the initial design assumptions
    • Full compliance with the safety management and verification requirements stipulated in IEC 61511
  • FSA5: FSA5 shall be carried out before the modifications. Once the modification activity is complete, another FSA5 shall be required to assess and confirm that the necessary modification is meeting the safety integrity requirements.

Cybersecurity lifecycle

The cybersecurity lifecycle shares strong similarities with the SLC in terms of risk reduction, yet they differ from one another due to their separate design by different communities, each with its own terminologies, contexts, and ways of working.

IT security professionals prioritize dealing with immediate threats, whereas process safety engineers are chiefly concerned with much longer lifespans of up to 10 years. Historically, the role of IT within industrial networks has been focused primarily on data (historian replication in IT) access, support for communication interfaces, or access to tools.

Many forward-focused organizations are now attempting to change the culture and bring these two communities closer together through the formation of new operating models, with the aim of enhancing collaboration and jointly confronting the increasing cyber risk that threatens organizations globally.

With the industry approaching the cybersecurity lifecycle in so many different ways, we will focus solely on industrial standards such as IEC 62443 and NIST, as these include ICS practical guidance. We will explore these further in later sections of this book.

Important note

It is important to emphasize that compliance and security are not the same. The proposed standards provide guidance and advice regarding certain security controls that have been adopted for general use in ICS environments. Nevertheless, no standard is capable of accounting for all the specifications of your company’s business processes. Therefore, it is essential to be cautious when implementing these standards for ICS security projects and to remember that adhering to standards does not guarantee your security.

Summary

In this chapter, we have discussed the fundamental concepts that shape functional safety and ICS cybersecurity with a great emphasis on risk mitigation. We have covered the components, standards, terms, and practices that are currently used in multiple industries. Furthermore, we have examined the functional safety and cybersecurity life cycles, including their similarities and discrepancies.

We now have a strong foundation to dive more deeply into practical SIS cybersecurity. The next chapter will explore the need to protect safety processes against emerging cyber threats and will provide examples of recent security incidents that have primarily targeted SIS.

Further reading


Key benefits

  • Embrace proactive cybersecurity controls for SIS, recognizing the need for advanced protection strategies
  • Analyze real-world SIS incidents, detailing root causes, response actions, and long-term implications
  • Learn all about new threats in SIS like malware and ransomware, and explore future industrial cybersecurity trends
  • Purchase of the print or Kindle book includes a free PDF eBook

Description

As modern process facilities become increasingly sophisticated and vulnerable to cyber threats, securing critical infrastructure is more crucial than ever. This book offers an indispensable guide to industrial cybersecurity and Safety Instrumented Systems (SIS), vital for maintaining the safety and reliability of critical systems and protecting your operations, personnel, and assets. Starting with SIS design principles, the book delves into the architecture and protocols of safety networks. It provides hands-on experience identifying vulnerabilities and potential attack vectors, exploring how attackers might target SIS components. You’ll thoroughly analyze key SIS technologies, threat modeling, and attack techniques targeting SIS controllers and engineering workstations. The book shows you how to secure Instrument Asset Management Systems (IAMS), implement physical security measures, and apply integrated risk management methodologies. It also covers compliance with emerging cybersecurity regulations and industry standards worldwide. By the end of the book, you’ll have gained practical insights into various risk assessment methodologies and a comprehensive understanding of how to effectively protect critical infrastructure.

Who is this book for?

This book is for professionals responsible for protecting mission-critical systems and processes, including cybersecurity and functional safety experts, managers, consultants, engineers, and auditors. Familiarity with basic functional safety concepts and a foundational understanding of cybersecurity will help you make the most out of this book.

What you will learn

  • Explore SIS design, architecture, and key safety network protocols
  • Implement effective defense-in-depth strategies for SISs
  • Evaluate and mitigate physical security risks in industrial settings
  • Conduct threat modeling and risk assessments for industrial environments
  • Navigate the complex landscape of industrial cybersecurity regulations
  • Understand the impact of emerging technologies such as AI/ML, remote access, the cloud, and IIoT on SISs
  • Enhance collaboration and communication among stakeholders to strengthen SIS cybersecurity

Product Details

Publication date: Aug 28, 2024
Length: 256 pages
Edition: 1st
Language: English
ISBN-13: 9781801071864


Table of Contents

13 Chapters
Part 1: Safety Instrumented Systems
Chapter 1: Introduction to Safety Instrumented Systems (SISs)
Chapter 2: SIS Evolution and Trends
Chapter 3: SIS Security Design and Architecture
Part 2: Attacking and Securing SISs
Chapter 4: Hacking Safety Instrumented Systems
Chapter 5: Securing Safety Instrumented Systems
Part 3: Risk Management and Compliance
Chapter 6: Cybersecurity Risk Management of SISs
Chapter 7: Security Standards and Certification
Chapter 8: The Future of ICS and SIS: Innovations and Challenges
Index
Other Books You May Enjoy

Customer reviews

Rating distribution: 4.8 out of 5 (5 ratings)
5 star: 80%
4 star: 20%
3 star: 0%
2 star: 0%
1 star: 0%
Denrich Sananda, Oct 27, 2024 (5 out of 5 stars)
Jalal Bouhdada’s Securing Industrial Control Systems and Safety Instrumented Systems is an absolute gem for anyone in the OT/ICS cybersecurity field. What I love most about this book is how it offers practical, actionable advice that’s directly applicable to real-world situations. Jalal doesn’t just theorize—he shares his real-world experiences that resonate with professionals working on the ground in industrial environments. Whether you’re focused on mission-critical systems or safety-critical operations, this book has something valuable to offer. It breaks down complex topics into understandable sections, making it easier to apply in your own work. I highly recommend it to anyone looking to deepen their expertise and stay ahead in securing industrial control systems. Whether you're a seasoned expert or just starting out, this book will be a key reference in your collection.
Amazon verified review
LA-Listing, Oct 01, 2024 (5 out of 5 stars)
“Securing Industrial Control Systems and Safety Instrumented Systems” by Jalal Bouhdada is a comprehensive guide to safeguarding critical infrastructure against evolving cyber threats. The book excels in explaining the intricate design and security protocols of Safety Instrumented Systems (SIS), offering real-world examples and practical solutions. Bouhdada's approach blends technical depth with actionable strategies, making it a valuable resource for both cybersecurity professionals and engineers. It effectively covers emerging threats like ransomware, compliance with industry standards, and the impact of technologies like AI and IIoT on SIS security. Overall, this book is an essential read for anyone tasked with protecting mission-critical systems.
Amazon verified review
Ambro500, Oct 25, 2024 (5 out of 5 stars)
This book gives a great high-level description of how to secure your IT OT environment and infrastructure. For someone who is currently building out an IT OT security program, policies, and standards, I found this book very useful.
Amazon verified review
Vincent Musa, Sep 26, 2024 (4 out of 5 stars)
I was given a chance to review this e-book before its pending release, “Securing Industrial Control Systems and Safety Instrumented Systems” - a practical guide for safeguarding mission and safety critical systems by Jalal Bouhdada.

An easy read, from a highly esteemed SME per his peers in the cybersecurity world. At first, I didn’t understand why I would be interested in such a book. The title made my eye roll over, like reading graffiti my brain had to deeply engage before understanding the meaning. Thankfully, the secondary title made it palatable. I read through the first 3 chapters and understood the relevance in my world of Continuous improvement, as the Industrial Internet of Things (IIoT), Digital 4.0 and the ISO standards or QMS that govern our industry collide to make it mandatory to mitigate the risks in our processes from internal and external threats. Do we rely on an air gap or is our mission/safety-critical system data robustly engineered with layers of protection? This book aims to show you the way, particularly if you wear one or more hats as defined by the book below.

  • Industrial automation engineers: To deepen their understanding of cybersecurity risks and cover how to integrate security into SIS design and operations.
  • IT and OT security professionals: To help them grasp the unique challenges of securing industrial environments and implement tailored cybersecurity strategies.
  • Safety managers and process engineers: To help them incorporate cybersecurity measures into existing safety frameworks and protocols.
  • Policymakers and regulators: To help them develop informed policies that ensure the resilience and security of critical infrastructure.

The book would have been shorter if not for the range of hat wearers this book intended to satisfy, i.e., you can skip a lot of the explanatory diagrams and tables if you lean a little more toward the IT side versus the OT. Yes, there are pictures for us visual learners.
Available now on Amazon so happy listening/reading/implementing.
Amazon verified review
