Plant Management

There is no safety without security. If a security risk exists via interfaces or integration, the integrity of functional safety is in jeopardy. Security deserves the same high level of attention that is devoted to the topic of safety.

Stefan Ditting and Thomas Janzer, Product Managers, HIMA Paul Hildebrandt GmbH

Stefan Ditting.

Thomas Janzer.

safety and security, as anything that a user or the controller can do, an attacker can also do. A larger attack surface is the consequence. With an integrated control system and safety system from a single source, all automated processes and convenience advantages must be critically tested. The more open and integrated a safety controller is, the more effort is required for organisation and security. Security attack vectors in this area include automated processes, such as diagnostic displays, the automatic interaction between engineering tool and controller, and the interaction between the visualisation of the control system and the safety system.

Levels of protection

To reduce systematic errors, the standards IEC 61511-1 (Safety) and IEC 62443-3-3 (Security) require separate levels of protection and autonomy of the operating equipment and protective equipment. By design, an autonomous process control system and a safety system from different manufacturers require different engineering tools, databases and operating procedures. Such systems from different manufacturers avoid common cause risks and reduce the security risk through diverse technology. Diverse technology also ensures a clear separation of the areas of responsibility and, in practice, supports the different handling of operating equipment and protective devices. With operating equipment the focus is on daily optimisation, updating and change; in contrast, risk is reduced when protective equipment is operated rarely, and then only by qualified personnel. Each access to protective equipment constitutes a risk, and changes are only permitted via a management of change process.

The international standard IEC 62443-3-3, ‘Industrial communication networks – Network and system security’, requires compartmentalisation of production networks. Individual zones are determined (enterprise network, control room, safety system, process control system, etc) that are connected via defined transitions (conduits). In accordance with the respective data or protocols that must be exchanged, protection is installed at each conduit in the form of a firewall. It is strictly required that the exchanged data be clearly defined. Protective measures can only be provided if this structure is known to the user. The forthcoming revision of standard DIN IEC 61511-1, ‘Functional safety – Safety instrumented systems for the process industry sector’, moves in this direction. It advocates testing, evaluating and ensuring the independence, diversity and physical separation of, and the avoidance of common cause errors between, levels of protection. Moreover, it includes the clear statement that a safety system should be physically separated where feasible. Current discussions in standardisation bodies such as NAMUR and DKE likewise address the point that autonomous secure separation and an appropriately defined conduit are required for mastery of security risks. If there is doubt in this regard, automatic convenience functions must also be deactivated to reduce the complexity and thus the security risks.

A safety system must have a variety of security features to harden it against safety-security risks or to reduce the risk in plants. The technical measures affect different areas: PC environment; engineering tool; communication; secure control; and safety application.

24 www.engineerlive.com
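The zone-and-conduit structure described above, as an added example that is not from the article or from HIMA: a default-deny check in which each conduit lists exactly the data it may carry, plus an audit that flags observed flows no conduit defines. The zone names follow the article; the protocols, the conduit rules and the observed flows are constructed for illustration.

```python
from dataclasses import dataclass
# Zones as named in the article; all names, protocols and flows below are
# constructed for illustration and are not from any vendor's product.
ZONES = {"enterprise", "control_room", "process_control", "safety_system"}

@dataclass(frozen=True)
class Rule:
    src: str             # zone that initiates the exchange
    dst: str             # zone that receives it
    protocol: str        # the one protocol explicitly permitted on this conduit
    write: bool = False  # True only if the flow may change state in dst

@dataclass(frozen=True)
class Conduit:
    zone_a: str
    zone_b: str
    rules: tuple         # the clearly defined data exchanged across the conduit

def flow_allowed(conduits, src, dst, protocol, write=False):
    """Default deny: a flow passes only if a defined conduit spells it out;
    a read-only rule never authorises a write, a write rule also covers reads."""
    if src not in ZONES or dst not in ZONES:
        raise ValueError(f"undefined zone in flow {src} -> {dst}")
    for c in conduits:
        if {src, dst} != {c.zone_a, c.zone_b}:
            continue  # this conduit joins two other zones
        for r in c.rules:
            if (r.src, r.dst, r.protocol) == (src, dst, protocol) and (r.write or not write):
                return True
    return False

def audit(conduits, observed):
    """Return every observed (src, dst, protocol, write) that no conduit covers."""
    return [flow for flow in observed if not flow_allowed(conduits, *flow)]

# Constructed model: the safety system is readable from the control room
# (diagnostic display) and from process control only; no conduit to enterprise.
MODEL = (
    Conduit("enterprise", "control_room", (Rule("control_room", "enterprise", "https"),)),
    Conduit("control_room", "process_control", (Rule("control_room", "process_control", "opc-ua", write=True),)),
    Conduit("control_room", "safety_system", (Rule("control_room", "safety_system", "opc-ua"),)),
    Conduit("process_control", "safety_system", (Rule("process_control", "safety_system", "safe-ethernet"),)),
)

OBSERVED = [  # constructed sample of connections seen by a monitoring point
    ("control_room", "safety_system", "opc-ua", False),           # diagnostic read: defined
    ("control_room", "safety_system", "opc-ua", True),            # write into the SIS: not defined
    ("enterprise", "safety_system", "https", False),              # no such conduit at all
    ("process_control", "safety_system", "safe-ethernet", False),
]
```

Running `audit(MODEL, OBSERVED)` returns the two undefined flows; in a real plant each such hit is a candidate for investigation, and a new flow that is genuinely needed is added to the conduit definition through the management of change process, not by widening the firewall rule.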

