Safety, Security groups form joint working group
By Paul Gruhn
Would you rather learn from the mistakes of others, or make them all yourself? We learn better when we make our own mistakes, but when it comes to the safety and security of high-risk process facilities, it is important we learn from the mistakes of others. That is the collective knowledge that standards are built on. Or would you rather ignore the lessons of others and learn from the investigation after a major accident when your company appears on the evening news? Burying your head in the sand is not the appropriate action to take.
Similarly, do you want to reinvent the wheel for every project you are involved with? Doesn’t it make sense to use the combined knowledge that already exists?
Both of these thoughts apply to the new joint working group between the ISA84 and ISA99 standards committee.
The ISA99 standard on industrial automation and control systems security and the ISA84 standards on safety instrumented systems will join efforts to form a working group under ISA99 on safety and security. Working Group 7 (WG7): Safety and Security of Industrial Automation and Control Systems will help promote greater awareness of the impact of cyber security issues on the safe operation of industrial processes.
ISA84 has existed for decades. The first edition of the ISA84 standard was released in 1996, the second in 2004. The ISA99 standard on control system security is a bit more recent. The first edition of part 1 of the ISA99 standard was released in 2007. Part 2 was released in 2009. (More parts will follow.) Considering the prevalence of Windows and off-the-shelf IT components used in today’s control systems, and the known security weakness with both, security is a real concern. The rising popularity of wireless devices raises even more issues.
Just as one industry, culture, or society can learn from another (something I like to call “cross-pollenization of knowledge”), standards committees can also learn from each other.
Safety and security share a number of similar concepts. For example, the greater the level of risk in a process, the better the safety instrumented systems that will be needed to control it. Similarly, the greater the level of risk of a security breach, the stronger the measures will be needed to combat it.
ISA99 will investigate how to protect industrial processes against systematic and intentional threats, which can result in dangerous failures, and therein lies the challenge of protecting these systems; they are very different from traditional IT security.
The ISA84 committee represents one of the most significant efforts in functional safety, and has been foundational in the downward trend of dangerous failures in industrial automation.
The term used to define the performance of safety instrumented systems is SIL (safety integrity level). It starts with a process hazard analysis, techniques developed decades ago by organizations other than ISA. There are a variety of different techniques used around the world to determine or select what level of performance each safety instrumented function will need. Integrity levels (1-4) then align with performance requirements. The higher the number, the greater the safety performance (i.e., the smaller the probability of failure on demand) required of the safety instrumented function. Also, the higher the integrity level, the more complicated and expensive the system will be.
The term adopted to define the robustness of security measures is SAL (security assurance level). Techniques will be developed to identify threats, assess their risk, define assurance levels, and then prescribe the measures needed to satisfy the requirements for each level. The higher the level, the greater the risk, and the more difficult and expensive it will be to control it.
Safety people need to learn from security people. Security people need to learn from safety people. A joint working group between the two committees will attempt the proverbial group Vulcan mind-meld so they can cross-pollinate and accomplish their tasks in the most expedient manner.
ABOUT THE AUTHOR
Paul Gruhn, PE, CFSE is the training manager at ICS Triplex in Houston, an ISA Fellow, a member of the ISA84 committee, as well as an esteemed ISA instructor and author on safety systems.
Safety, security share common goals
The ISA84 committee represents one of the most significant efforts in functional safety, and it has been foundational in the downward trend of dangerous failures in industrial automation. “ISA84, and subsequent work in IEC 61508 and IEC 61511, identifies cyber security as a potential threat to safe operation, but our scope focuses mostly on hardware faults and device reliability,” said ISA84 Chairman William Johnson. “The ISA99 joint working group with ISA84 represents a significant complement to our work as it addresses faults and emerging threats today that jeopardize safe operations in ways that many were less concerned, even a few years ago.”
The working group’s initial tasks include:
“Today when we consider only the probability of hardware failures in a hazards analysis, we can miss significant sources of risk to process safety,” said ISA99 Co-chair Eric Cosman. “This can be a dangerous assumption in the modern interconnected and software-driven plant, when considering intentional threats such as viruses, malware, and hackers, but also unintentional systematic faults like poor network performance or network failures.”