Are Integrated Safety/Security Systems Secure?

Nov. 24, 2008

Process plant safety used to be relatively simple. A regulatory control system was in charge of the process. A completely separate safety system controlled all safety-related process areas, and a security system controlled plant access. Things are a bit more complicated now because process plant safety must also encompass cybersecurity.

Integrated systems that address process control, safety and security simultaneously complicate the picture further. Such integrated systems promise simpler plant operations and lower ongoing maintenance costs. But are the cost and complexity worth it?

“Combining safety and security into an integrated system allows proactive response to alarms and events and a single real-time view to any potential threat,” says Erik deGroot, global manager for safety systems at Honeywell Process Solutions. “Industrial plants have procedures and safety systems that are designed to bring operations to a safe state in the event of equipment malfunctions and other operational problems. In the event of a significant security incident, an integrated system can activate these same procedures and systems. An integrated system also leads to less expensive implementation and maintenance because all the pieces work together.”  

Jan de Breet, safety-instrumented systems consultant for Yokogawa Corporation of America, has a different perspective. “I am a proponent of the layers-of-protection model found in IEC 61511,” he says. “Each layer in the model must be independent, which means that a failure in one cannot influence the proper working of any other layer. One could advocate that security should be an extra layer added to the model, but I believe that safety and security should be completely separated.”  

He adds, “Process operations are busy with production and safety. Security guards, whether at the gate or in the IT department, need to be focused on cybersecurity alone. Given the difference in nature of their functions, combining safety and security in any form could very well make either one more vulnerable.”  

Tom Phinney, the chairman of the IEC process automation security group, also argues for separate systems. “The fundamental problem with merging safety and security is that the timing of remediation when a fault is found is different for the two systems. Security issues must be corrected as rapidly as possible, while safety system correction must await potentially long safety reviews that ensure the correction does not introduce new safety flaws.” 

How do you see things? Are separate safety and security systems better? Or should these two systems be integrated?