by John Cusimano & Tim Gale
The 2016 edition of IEC 61511-1 added two new requirements regarding the security of safety instrumented systems (SIS). The first requirement states that “a security risk assessment shall be carried out to identify the security vulnerabilities of the SIS” and the second requirement states that “the design of the SIS shall be such that it provides the necessary resilience against the identified security risks”. The standard directs the reader to ISA TR84.00.09, ISO/IEC 27001:2013, and IEC 62443-2-1:2010 for further guidance on how to comply with these requirements. While these documents are informative, their 479 combined pages do not provide concise guidance on how to address the specific security requirements. The purpose of this paper is to offer step-by-step guidance on how to address the security requirements in IEC 61511 and to identify specific clauses in the reference standards for further information.
Prepared for Presentation at
2018 Mary Kay O’Connor Process Safety Center International Symposium
College Station, Texas
October 23 – 25, 2018
Keywords: Industrial Automation, Process Safety, Functional Safety, PSM, PHA, HAZOP, LOPA, ICS, Cybersecurity, Cyber-threat, Cyber-risk, IEC 62443, ISA-99, IEC 61511