by John Cusimano
Technology Update: If it isn’t secure, it isn’t safe™. Cybersecurity vulnerabilities represent additional failure modes and safety incidents not factored into traditional safety assessments. Consider safety when creating a business justification for cybersecurity risk assessments.
Functional safety assessments are a well-established practice in machine and process automation. These assessments focus on random hardware failures or systematic software failures (such as bugs).
However, cybersecurity threats and vulnerabilities represent additional failure modes that may lead to incidents that are unaccounted for in traditional safety assessments. A business justification can be developed for discussing cyber risk assessments.
The majority of factories and process plants today are controlled and operated by automation systems built on Ethernet TCP/IP networks and legacy Microsoft operating systems. These systems are vulnerable to cybersecurity breaches resulting in…
Figure 1: An industrial control system (ICS) cybersecurity vulnerability assessment is an evaluation of an ICS design. A brownfield design starts with the ICS as-built or as-found drawings, such as the example shown here. Courtesy: aeSolutions.