Tim Gale


Posts by Tim Gale:

October 22, 2019

Is Your Water Protected from Ransomware?

Millions of Americans take water service for granted every day. Turn on the tap, and clean water flows out. The average American uses 176 gallons of water per day. 40% of water in America is used to produce the food we eat and the beverages we drink. 17% goes toward showering, 27% is used by […]

April 10, 2019

Managing an Industrial Cybersecurity Program

A large, multi-site industrial manufacturer faces many challenges when developing and managing an industrial cybersecurity program. What comes first? What are the priorities? How long should it take to implement mitigations? How do you measure progress? Many perform vulnerability and risk assessments, which can produce hundreds of recommendations across dozens of sites. Some recommendations apply […]

March 26, 2019

How Can I Protect my Safety Instrumented Systems (SIS) from Cyber Threats?

In the past, many people believed that safety instrumented systems (SIS) were immune to cybersecurity issues because they were either completely separate, or they were connected, but independent from the control system. Unfortunately, in today’s world, that thinking can be very dangerous. Cybersecurity threats can have a significant impact on the availability and integrity of […]


White Papers by Tim Gale:

Addressing the Security Requirements in Functional Safety Standard IEC 61511-1:2016

The 2016 edition of IEC 61511-1 added two new requirements regarding the security of safety instrumented systems (SIS). The first requirement states that “a security risk assessment shall be carried out to identify the security vulnerabilities of the SIS” and the second requirement states that “the design of the SIS shall be such that it provides the necessary resilience against the identified security risks”. The standard directs the reader to ISA TR84.00.09, ISO/IEC 27001:2013, and IEC 62443-2-1:2010 for further guidance on how to comply with these requirements. While these documents are informative, the 479 combined pages do not provide concise guidance on how to address the specific security requirements. The purpose of this paper is to offer step-by-step guidance on how to address the security requirements in IEC 61511 and to identify specific clauses in the reference standards for further information.