10/30/2008
“This is critical not only to fulfill their basic operating requirements, but also to ensure that their successful operation is not dependent on the performance of any other system. This provides multiple levels of protection, eliminating a single point of failure, while at the same time enabling continuous and independent validation of each system’s performance,” he adds.
Jeff Myatt, product manager for L-com Connectivity Products, gives another reason for separate systems. “System engineers and integrators are often enticed by the promise of one platform that can simplify both software and hardware integration. However, realities often don’t meet expectations because separate sub-systems are often more reliable, even though they can potentially be more expensive and more difficult to integrate,” he says. “The most reliable systems are engineered to include more than one manufacturer, with each chosen for their strengths or core competencies. Scalability is the key attribute of any system, and an integrated system can lead to scalability limitations and catastrophic failures that are costly to diagnose and fix.”
Fundamental differences between safety and security systems argue for separate platforms. “Security should be handled as a separate subsystem because it is far more difficult to bypass, especially during an emergency,” observes Keith Jones, Wonderware marketing program manager for HMI, supervisory, SCADA and platforms.
“Safety systems are not designed to be updated frequently as are security systems, and models for security systems may change and evolve relatively quickly. Safety systems are generally designed to be unique to a particular site, installation or integration, and need to be changed only when processes change or laws change,” adds Jones.
Tom Phinney, the chairman of the IEC process automation security group, seconds Jones’ point. “The fundamental problem with merging safety and security is that the timing of remediation when a fault is found is different for the two systems. Security issues must be corrected as rapidly as possible, while safety system correction must await potentially long safety reviews that ensure the correction does not introduce new safety flaws. In the worst case, safety corrections to a TÜV-approved technology may need to wait a year or more for TÜV approval, whereas security needs immediate fixes to avoid increasingly common zero-day exploits.”
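The timing conflict Jones and Phinney describe can be made concrete with a small triage routine, added here as an illustration and not taken from the article or from any of the vendors quoted. It routes each vulnerability finding to the remediation track the affected component's role allows, and shows the worst case: on a platform that carries both safety and security duties, a security-urgent fix inherits the safety change-review window. Asset names, finding IDs and the day counts are assumed for illustration; the article gives no numbers beyond "immediate" for security fixes and "a year or more" for re-approval of certified safety technology.

```python
"""Added example, not from the article: route findings to a remediation
track by component role and surface the merged-platform conflict.
Asset names, finding IDs and SLA numbers are constructed for illustration."""
from dataclasses import dataclass
from enum import Enum


class Role(Enum):
    SECURITY = "security"   # firewall, IDS, authentication server, AV
    SAFETY = "safety"       # safety logic solver, certified to a SIL level
    MERGED = "merged"       # one platform doing both (the case the article warns against)


# Assumed target windows in days (hypothetical values).
SECURITY_SLA_DAYS = 1
SAFETY_REVIEW_DAYS = 30          # site-level functional-safety change review
CERTIFIED_REAPPROVAL_DAYS = 365  # third-party (e.g. TUV) re-approval on top


@dataclass
class Asset:
    name: str
    role: Role
    certified: bool = False          # change requires third-party re-approval
    review_signed_off: bool = False  # safety change review completed


@dataclass
class Finding:
    asset: Asset
    finding_id: str   # constructed identifier, not a real advisory


@dataclass
class Decision:
    track: str            # "patch-now" or "safety-review"
    exposure_days: int    # how long the security exposure is expected to last
    conflict: bool        # security-urgent fix stuck behind the safety process
    reason: str


def safety_window(asset: Asset) -> int:
    """Days until a safety-controlled change can ship."""
    days = SAFETY_REVIEW_DAYS
    if asset.certified:
        days += CERTIFIED_REAPPROVAL_DAYS
    return days


def route(finding: Finding) -> Decision:
    a = finding.asset
    if a.role is Role.SECURITY:
        return Decision("patch-now", SECURITY_SLA_DAYS, False,
                        f"{a.name}: security subsystem, fix immediately")
    if a.role is Role.SAFETY:
        return Decision("safety-review", safety_window(a), False,
                        f"{a.name}: safety subsystem, await change review")
    # MERGED: the fix is security-urgent, but the code is under safety
    # change control, so the slower process sets the exposure window.
    return Decision("safety-review", safety_window(a), True,
                    f"{a.name}: merged platform, security fix blocked by safety review")


def may_deploy(finding: Finding, decision: Decision) -> bool:
    """Deployment gate: the safety track needs a signed-off review; the
    security track does not, which is the point of keeping them separate."""
    if decision.track == "patch-now":
        return True
    return finding.asset.review_signed_off


def triage(findings):
    """Return (decisions, conflicts) for a batch of findings."""
    decisions = [route(f) for f in findings]
    conflicts = [d for d in decisions if d.conflict]
    return decisions, conflicts


# Constructed sample plant: separate subsystems plus one merged platform.
FIREWALL = Asset("dmz-firewall", Role.SECURITY)
SIS = Asset("sis-logic-solver", Role.SAFETY, certified=True)
COMBO = Asset("combo-controller", Role.MERGED, certified=True)

SAMPLE_FINDINGS = [
    Finding(FIREWALL, "F-001"),
    Finding(SIS, "F-002"),
    Finding(COMBO, "F-003"),
]

if __name__ == "__main__":
    decisions, conflicts = triage(SAMPLE_FINDINGS)
    for f, d in zip(SAMPLE_FINDINGS, decisions):
        print(f"{f.finding_id}: {d.track:13} exposure={d.exposure_days:3}d "
              f"deploy_ok={may_deploy(f, d)} conflict={d.conflict}")
    print(f"{len(conflicts)} finding(s) stuck behind the safety process")
```

Running it shows the firewall finding closing in a day, the certified safety solver waiting out its review, and the merged controller carrying the same year-plus window for a fix that is security-urgent, which is the exposure a separate security subsystem avoids.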
Finally, some advocate evaluating each plant on a case-by-case basis to see whether an integrated safety and security system makes sense for the particular application. “A risk assessment can determine whether a single platform can provide both flexibility and security,” says Mike Bush, security product manager at Rockwell Software.
“Advances in technology now allow companies to keep control system functionality separate while still using a common infrastructure for databases, networks, software, development tools, and alarms and events. This allows users to achieve the operational benefits of a common platform while helping meet functional safety and security requirements through separation,” concludes Bush.
Dan Hebert, PE, is Control’s senior technical editor.
ControlGlobal.com is exclusively dedicated to the global process automation market. We report on developing industry trends, illustrate successful industry applications, and update the basic skills and knowledge base that provide the profession's foundation.