Interested in linking to "Do Safety and Security Mix?"?
You may use the Headline, Deck, Byline and URL of this article on your Web site. To link to this article, select and copy the HTML code below and paste it on your own Web site.
By Dan Hebert, PE
Process plant safety used to be relatively simple. A regulatory control system was in charge of the process. A completely separate safety system controlled all safety-related process areas, and, finally, a security system controlled plant access.
Things are a bit more complicated now because process plant safety must encompass cybersecurity. Another complicating factor is the availability of integrated systems that can simultaneously address process control, safety and security. Once installed, these complex integrated systems can provide value by simplifying plant operations and reducing on-going system maintenance costs. But is the cost and complexity of an integrated safety and security system worth it?
“Combining safety and security into an integrated system allows proactive response to alarms and events, and it provides everyone a single real-time view to any potential threat,” says Erik deGroot, global manager for safety systems at Honeywell Process Solutions.
“Industrial plants have procedures and safety systems that are designed to bring operations to a safe state in the event of equipment malfunctions and other operational problems. In the event of a significant security incident, an integrated system can activate these same procedures and systems. Additionally, an integrated system leads to less expensive implementation and maintenance because all the pieces work together, even as technology continues to evolve,” adds deGroot.
But combining safety and security requires careful planning. “Integrated systems allow smooth and safe plant operation, but separation must still be maintained. The challenge is knowing when to integrate and when to keep systems separate. Dedicated safety-related functions, such as the actual safety application, must stay segregated and must be subject to high safety integrity,” concludes deGroot.
David Kleidermacher, the CTO of Green Hills Software, an operating system vendor specializing in highly secure systems, agrees with deGroot. “It is possible to mix multiple levels of safety and security in control systems, in fact this technique is already being used in aircraft,” he says. “Aircraft and other applications are being driven by requirements for enhanced security while simultaneously improving the cost, power and usability of computer systems. So instead of having two pieces, one that provides control- system management and one that provides corporate network access, we can consolidate systems and also make them more secure,” claims Kleidermacher.
Noted security expert Bryan Singer, chairman of the ISA99 committee that covers security for industrial automation and control systems, agrees that is possible to tightly integrate safety and security. “It may indeed be possible to integrate systems to any level so desired, but should we do so just because the technology supports it? The answer is an unambiguous and very clear maybe,” observes Singer.
“As soon as we integrate systems that were previously disconnected, problems can arise. There is the possibility of cross-pollinating systematic faults from failing devices or excessive network traffic or introducing network accessible system vulnerabilities. Both scenarios make it very likely that a safety system can fall victim to threats,” warns Singer.
“There is no reason why integrating these systems must be more insecure; but deployment requires careful planning, design and testing. To make an integrated system safe, we must do several things very well,” he says. These include:
Singer thinks separate systems are better from a cybersecurity standpoint, but he realizes that many plants will implement integrated systems to save money and simplify plant operations. Others are more adamant and believe separation is a requirement.
“Each layer in the model must be independent, which means that a failure in one cannot influence the proper working of any other layer. One could advocate that security should be an extra layer added to the model, but I believe that safety and security should be completely separated,” adds de Breet.
“Process operations are busy with production and safety. Security guards, whether at the gate or in the IT department, need to be focused on cybersecurity alone. Given the difference in nature of their functions, that is internal versus external protection, combining safety and security in any form could very well make either one more vulnerable,” cautions de Breet.
Others share de Breet’s opinion. “Personal safety, cyber and physical plant security systems must operate in almost total isolation of each other,” says Ernie Rakaczky, principal security consultant for enterprise architecture and integration at Invensys Process Systems.
ControlGlobal.com is exclusively dedicated to the global process automation market. We report on developing industry trends, illustrate successful industry applications, and update the basic skills and knowledge base that provide the profession's foundation.