June 2009

Safety, Security groups form joint working group

By Paul Gruhn

Would you rather learn from the mistakes of others, or make them all yourself? We learn better when we make our own mistakes, but when it comes to the safety and security of high-risk process facilities, it is important we learn from the mistakes of others. That is the collective knowledge that standards are built on. Or would you rather ignore the lessons of others and learn from the investigation after a major accident when your company appears on the evening news? Burying your head in the sand is not the appropriate action to take.

Similarly, do you want to reinvent the wheel for every project you are involved with? Doesn’t it make sense to use the combined knowledge that already exists?

Both of these thoughts apply to the new joint working group between the ISA84 and ISA99 standards committees.

The ISA99 standard on industrial automation and control systems security and the ISA84 standards on safety instrumented systems will join efforts to form a working group under ISA99 on safety and security. Working Group 7 (WG7): Safety and Security of Industrial Automation and Control Systems will help promote greater awareness of the impact of cyber security issues on the safe operation of industrial processes.

ISA84 has existed for decades. The first edition of the ISA84 standard was released in 1996, the second in 2004. The ISA99 standard on control system security is a bit more recent. The first edition of part 1 of the ISA99 standard was released in 2007. Part 2 was released in 2009. (More parts will follow.) Considering the prevalence of Windows and off-the-shelf IT components used in today’s control systems, and the known security weakness with both, security is a real concern. The rising popularity of wireless devices raises even more issues.

Just as one industry, culture, or society can learn from another (something I like to call “cross-pollination of knowledge”), standards committees can also learn from each other.

Safety and security share a number of similar concepts. For example, the greater the level of risk in a process, the better the safety instrumented systems that will be needed to control it. Similarly, the greater the level of risk of a security breach, the stronger the measures will be needed to combat it.

ISA99 will investigate how to protect industrial processes against systematic and intentional threats that can result in dangerous failures. Therein lies the challenge of protecting these systems: they are very different from traditional IT security.

The ISA84 committee represents one of the most significant efforts in functional safety, and has been foundational in the downward trend of dangerous failures in industrial automation.

The term used to define the performance of safety instrumented systems is SIL (safety integrity level). It starts with a process hazard analysis, techniques developed decades ago by organizations other than ISA. There are a variety of different techniques used around the world to determine or select what level of performance each safety instrumented function will need. Integrity levels (1-4) then align with performance requirements. The higher the number, the greater the safety performance (i.e., the smaller the probability of failure on demand) required of the safety instrumented function. Also, the higher the integrity level, the more complicated and expensive the system will be.
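To make the SIL concept concrete, here is an added worked example that is not part of the original article or of the ISA84/IEC standards themselves. It assumes the IEC 61508 low-demand-mode PFDavg bands for SIL 1 to 4 and the textbook single-channel approximation PFDavg ≈ λ_DU × TI / 2 (dangerous undetected failure rate times proof-test interval, halved); the failure rate and test intervals used are constructed sample values. It shows how a required risk reduction factor maps to a target SIL, how a candidate safety instrumented function (SIF) is scored against it, and why a longer proof-test interval can drop a SIF a whole integrity level.

```python
"""Added example: a minimal SIL target/achievement check for one SIF.

Assumptions (not stated in the article):
- SIL bands are the IEC 61508 low-demand PFDavg bands.
- Single-channel PFDavg is approximated as lambda_DU * TI / 2, ignoring
  diagnostics, common-cause factors and redundant architectures.
- lambda_DU and the proof-test intervals below are constructed values.
"""
from dataclasses import dataclass

# IEC 61508 low-demand PFDavg bands: SIL -> (lower bound incl., upper bound excl.)
SIL_BANDS = {
    1: (1e-2, 1e-1),
    2: (1e-3, 1e-2),
    3: (1e-4, 1e-3),
    4: (1e-5, 1e-4),
}


def sil_for_pfd(pfd_avg: float) -> int:
    """SIL achieved by a PFDavg; 0 means the function earns no SIL credit.

    Checked from SIL 4 downward so a PFDavg below the SIL 4 lower bound
    is still reported as SIL 4 (better than required, not unclassified).
    """
    if pfd_avg <= 0:
        raise ValueError("PFDavg must be a positive probability")
    for sil in (4, 3, 2, 1):
        _, upper = SIL_BANDS[sil]
        if pfd_avg < upper:
            return sil
    return 0  # PFDavg >= 0.1: not even SIL 1


def required_sil(risk_reduction_factor: float) -> int:
    """Target SIL from the risk reduction factor the hazard analysis demands.

    RRF is the reciprocal of the tolerable PFDavg, so RRF 500 needs
    PFDavg <= 0.002, which sits in the SIL 2 band.
    """
    if risk_reduction_factor <= 0:
        raise ValueError("risk reduction factor must be positive")
    return sil_for_pfd(1.0 / risk_reduction_factor)


def pfd_avg_single_channel(lambda_du_per_hour: float, proof_test_hours: float) -> float:
    """Simplified single-channel PFDavg = lambda_DU * TI / 2 (assumed model)."""
    return lambda_du_per_hour * proof_test_hours / 2.0


def max_proof_test_interval_hours(lambda_du_per_hour: float, target_sil: int) -> float:
    """Longest proof-test interval that still keeps PFDavg inside the target band.

    The returned value is the boundary itself; the interval used must be
    strictly shorter, because the band's upper bound is exclusive.
    """
    _, upper = SIL_BANDS[target_sil]
    return 2.0 * upper / lambda_du_per_hour


@dataclass
class SifAssessment:
    required_sil: int
    achieved_pfd: float
    achieved_sil: int
    meets_target: bool


def assess_sif(risk_reduction_factor: float, lambda_du_per_hour: float,
               proof_test_hours: float) -> SifAssessment:
    """Compare the SIL a SIF achieves against the SIL the hazard analysis requires."""
    target = required_sil(risk_reduction_factor)
    pfd = pfd_avg_single_channel(lambda_du_per_hour, proof_test_hours)
    achieved = sil_for_pfd(pfd)
    return SifAssessment(target, pfd, achieved, achieved >= target)


if __name__ == "__main__":
    LAMBDA_DU = 2e-6        # constructed: dangerous undetected failures per hour
    for ti in (8760.0, 26280.0):   # constructed: annual vs three-yearly proof test
        result = assess_sif(500.0, LAMBDA_DU, ti)
        print(f"TI={ti:>8.0f} h  PFDavg={result.achieved_pfd:.4f}  "
              f"achieved SIL {result.achieved_sil}  required SIL {result.required_sil}  "
              f"{'OK' if result.meets_target else 'SHORTFALL'}")
    print(f"max TI for SIL 2: just under {max_proof_test_interval_hours(LAMBDA_DU, 2):.0f} h")
```

With the constructed failure rate, an annual proof test yields PFDavg 0.00876 (SIL 2, meeting an RRF-500 target), while stretching the test interval to three years yields 0.02628 and drops the same hardware to SIL 1. That is the point the article makes in one sentence: the integrity level is a property of the whole function and its maintenance regime, not of a device label.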

The term adopted to define the robustness of security measures is SAL (security assurance level). Techniques will be developed to identify threats, assess their risk, define assurance levels, and then prescribe the measures needed to satisfy the requirements for each level. The higher the level, the greater the risk, and the more difficult and expensive it will be to control it.

Safety people need to learn from security people. Security people need to learn from safety people. A joint working group between the two committees will attempt the proverbial group Vulcan mind-meld so they can cross-pollinate and accomplish their tasks in the most expedient manner.

ABOUT THE AUTHOR

Paul Gruhn, PE, CFSE is the training manager at ICS Triplex in Houston, an ISA Fellow, a member of the ISA84 committee, as well as an esteemed ISA instructor and author on safety systems.

Safety, security share common goals

The ISA84 committee represents one of the most significant efforts in functional safety, and it has been foundational in the downward trend of dangerous failures in industrial automation. “ISA84, and subsequent work in IEC 61508 and IEC 61511, identifies cyber security as a potential threat to safe operation, but our scope focuses mostly on hardware faults and device reliability,” said ISA84 Chairman William Johnson. “The ISA99 joint working group with ISA84 represents a significant complement to our work as it addresses faults and emerging threats today that jeopardize safe operations in ways that many were less concerned, even a few years ago.”

The working group’s initial tasks include:

  • Completing a Security Assurance Level methodology for cyber security, similar to that of the current safety integrity levels defined in ISA84
  • Defining and developing processes for identifying intentional and systematic threats

“Today when we consider only the probability of hardware failures in a hazards analysis, we can miss significant sources of risk to process safety,” said ISA99 Co-chair Eric Cosman. “This can be a dangerous assumption in the modern interconnected and software-driven plant, when considering intentional threats such as viruses, malware, and hackers, but also unintentional systematic faults like poor network performance or network failures.”
