"Swiss Army Knife" for safety systems - is it a feature or a vulnerability?
On Tuesday, a major control and safety system vendor held a webinar on cyber security of safety systems - "The rocky relationship between safety and security". The vendor talked about the network issues that needed to be considered, limitations on read/write, etc. However, the diagram shown on the webinar had the control and safety systems on the same Ethernet LAN. I talked to the vendor about it. His response was that their design was like a "Swiss Army Knife" (a feature). That is, they were giving their users flexibility in how they wanted to implement their safety and control systems.

As a nuclear engineer, I consider the concept of mixing safety and control on the same network unacceptable - period. Moreover, at the recent ICS Cyber Security Conference, a utility discussed their major control system cyber incident in which they lost all logic in every DCS processor with the plants at power. The hard-wired analog safety systems prevented significant plant damage because they were independent of the affected plant control systems.

I find that the vendor is doing a disservice to their customers by even implying that mixing safety and control would be acceptable. I was very surprised that no one brought up the concern of mixing control and safety during the presentation or the subsequent question-and-answer session. When vendors know there are potential cyber vulnerabilities in their "features", I feel they owe their customers some form of notification.
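The point of the post is a design property that can be audited: safety-system hosts should not share a network segment with control-system (or any other) hosts. The script below is an added example, not code from the post or from the vendor discussed; it runs a segregation check over a small, constructed asset inventory (host name, IP address with prefix length, and role) and flags every IP segment on which a safety host sits next to a non-safety host. The inventory values, host names and role labels are assumptions for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample asset inventory (not from the post). In practice this would
# come from an asset register or switch/ARP exports for the plant network.
INVENTORY = [
    {"host": "dcs-ctrl-01",  "ip": "10.10.1.11/24",  "role": "control"},
    {"host": "dcs-ctrl-02",  "ip": "10.10.1.12/24",  "role": "control"},
    {"host": "sis-logic-01", "ip": "10.10.1.50/24",  "role": "safety"},      # shares the control LAN
    {"host": "sis-logic-02", "ip": "10.20.5.10/24",  "role": "safety"},      # on its own segment
    {"host": "eng-ws-01",    "ip": "10.10.1.100/24", "role": "engineering"},
]


def segments(inventory):
    """Group hosts by the IP network (segment) derived from address + prefix length."""
    by_net = defaultdict(list)
    for asset in inventory:
        net = ipaddress.ip_interface(asset["ip"]).network
        by_net[net].append(asset)
    return by_net


def find_shared_segments(inventory):
    """Return (network, safety_hosts, non_safety_hosts) for every segment where a
    safety host shares the network with any non-safety host. An empty list means
    the inventory satisfies the safety/control segregation requirement."""
    findings = []
    for net, hosts in sorted(segments(inventory).items(), key=lambda kv: str(kv[0])):
        safety = sorted(h["host"] for h in hosts if h["role"] == "safety")
        others = sorted(h["host"] for h in hosts if h["role"] != "safety")
        if safety and others:
            findings.append((str(net), safety, others))
    return findings


if __name__ == "__main__":
    findings = find_shared_segments(INVENTORY)
    if not findings:
        print("OK: no safety host shares a segment with a non-safety host")
    for net, safety, others in findings:
        print(f"VIOLATION on {net}: safety hosts {safety} share the segment with {others}")
```

The check is deliberately conservative: any non-safety role on the same segment is reported, because from the safety system's point of view it does not matter whether the neighbour is a DCS controller or an engineering workstation. A hard-wired analog safety system, as in the incident the post describes, would never appear in this inventory at all, which is exactly the independence the check is looking for.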