When safety meets security – Combining the best of both worlds

At HazardEx 2018, Rob Turner, Advanced Solutions Consultant, UK, gave a presentation about the combination of safety and security. He discussed how and why both worlds need to be merged. Check out the whole presentation!


Process and operational safety


Rob Turner states “(Safety and Security) are two sides of the same coin.”


The main focus of the Hazardex International Conference and Exhibition was process and operational safety.

Why do we need a tie between safety and security for industrial control systems?

What is different about a control system? (compared with an IT system)

  • Age of the hardware and software
  • The network protocols in use, e.g. Modbus, Ethernet/IP, OPC
  • Access for patching, AV, updates, etc.
  • The use of wireless communications for command and control
  • These systems are often responsible for control of a physical process

And what is different about a safety instrumented system (SIS)?

Safety Instrumented System (SIS)

Technology considerations

This paper demonstrates attack-induced common-mode failures on an industrial-grade (Xxxx) Triple-Modular-Redundant PLC (programmable logic controller) and their impact in a nuclear power plant setting. The attack exploits the fact that during the configuration phase the same control logic is downloaded to all three redundant modules. We describe how an attacker can exploit this vulnerability to embed malicious control logic and how to trigger the attack. The feasibility and the attack impact are evaluated on a testbed, which includes the Xxxx PLC as part of a safety protection system in a simulated nuclear power plant.
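The following sketch is an added example, not material from the presentation or the quoted paper. It models why two-out-of-three voting masks a random fault in one module but not identical altered logic loaded into all three. The image names, the trip limit and the digest check before download are constructed assumptions, the last one an assumed mitigation.

```python
import hashlib

TRIP_LIMIT = 350.0  # constructed trip setpoint, arbitrary units

def approved_logic(temp):
    """Intended safety function: demand a trip at or above the limit."""
    return temp >= TRIP_LIMIT

def altered_logic(temp):
    """Constructed stand-in for tampered logic: never demands a trip."""
    return False

def stuck_channel(temp):
    """Constructed stand-in for a random hardware fault in one module."""
    return False

# Constructed logic images; a real image would be the compiled control program.
APPROVED, ALTERED = b"logic-v1-approved", b"logic-v1-altered"
IMAGES = {APPROVED: approved_logic, ALTERED: altered_logic}
BASELINE = hashlib.sha256(APPROVED).hexdigest()  # recorded at approval time

def download(image, approved_digest=None):
    """Configuration phase: the same image goes to all three modules.

    With approved_digest set (assumed mitigation), an image whose SHA-256
    differs from the approved baseline is rejected before download.
    """
    if approved_digest is not None:
        if hashlib.sha256(image).hexdigest() != approved_digest:
            raise ValueError("logic image does not match approved baseline")
    return [IMAGES[image]] * 3

def vote_2oo3(modules, temp):
    """Trip only if at least two of the three modules demand it."""
    return sum(1 for logic in modules if logic(temp)) >= 2

if __name__ == "__main__":
    hot = 400.0  # process value above the trip limit
    one_fault = [approved_logic, approved_logic, stuck_channel]
    print("healthy TMR trips:       ", vote_2oo3(download(APPROVED), hot))
    print("one random fault trips:  ", vote_2oo3(one_fault, hot))
    print("common altered logic:    ", vote_2oo3(download(ALTERED), hot))
    try:
        download(ALTERED, BASELINE)
    except ValueError as err:
        print("gated download rejected: ", err)
```
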

Network and Information Systems Directive (NIS Directive)

The NIS Directive is the first piece of EU-wide legislation on cybersecurity. It provides legal measures to boost the overall level of cybersecurity in the EU.


Why IEC 61511?

At first sight, this might appear to be an additional burden for the process industries and an intrusion into the jurisdiction of IEC 62443, which already covers the security of these systems.

Layers of Protection and IEC 61511

Layers of Defense

Plant Security

Safety and Security

As a first step, it's essential to consider functional safety in order to protect human lives, the environment and assets. After that, you need to segment your plant into the necessary security zones.

Safety and Security

Many thanks to Rob Turner for providing these presentation materials.

Interested in further articles about safety and security? Check this!

 

