In the past, many people believed that safety instrumented systems (SIS) were immune to cybersecurity issues because they were either completely separate from the control system or connected to it but independent. Unfortunately, in today’s world, that thinking can be very dangerous.
Cybersecurity threats can have a significant impact on the availability and integrity of a SIS, and that impact may not be well understood because functional safety assessments do not typically address security issues. Case in point, a petrochemical facility in Saudi Arabia was shut down multiple times in late 2017 when an attacker injected malware into 6 of its SIL 3 safety system controllers. While there had been attacks on general industrial control systems in the past, this attack, called Triton, is the first documented attack on a SIS. This raises serious concerns about the intent of the attackers as well as SIS vulnerability to cyber incidents.
It now seems almost prescient — in 2016, the global functional safety standard, IEC 61511, was updated to include two requirements regarding the security of a SIS. The first requirement states, “a security risk assessment shall be carried out to identify the security vulnerabilities of the SIS.” The second requires “the design of the SIS shall be such that it provides the necessary resilience against the identified security risks.” These requirements are not only sensible, but they are critical to protecting these systems. The standard refers the reader to some other standards, but it doesn’t inform the reader how to perform a security risk assessment or how to develop a cyber-resilient design.
Fortunately, aeSolutions has the knowledge and experience to guide you in the right direction. We invite you to read aeSolutions’ whitepaper, “Addressing the Security Requirements in Functional Safety Standard IEC 61511-1:2016.”