Topic: Intrinsic Safety

• › Articles (65)
• › White Papers (19)
• › News (37)
• › Products (5)

Situation Critical
Bad Human/System Relationships Can Quite Literally Blow Up in Everyone's Face

Blocking and Tackling Are Still Required Skills
It Is Sometimes Easier to Get Classes on Advanced Process Control Than on the Basics of General Instrumentation and Control

Rethink Mass Notification
Properly dealing with emergencies demands integration of plant systems.

ISA100.11a Security
What Happens to the Process When the Devices Fails?

More Articles »

White Papers: In Depth Research

Personnel Functional Safety Certification: Not All Programs Are Created Equal
Author: Exida
Posted: 03/05/2010
As production runs ever closer to equipment and facility operating limits and new plants come on line in expanding and developing economies, the pressure to design and operate systems more safely and economically is increasing. A key to meeting this goal is having competent people who are knowledgeable and experienced in applying the IEC 61508 and IEC 61511 / ISA 84 functional safety standards. To develop and measure an individual's safety engineering competence, several personnel functional safety certification programs have been created. This paper will discuss why these programs are needed and the benefits they deliver to individuals and companies alike. It will also review the characteristics and differences of the various certification programs on the market today, things to watch out for, and some important questions to ask when selecting a certification program.

Compliance Testing and Certification
Author: Moore Industries
Posted: 03/03/2010
Moore Industries believes it is of vital importance to have third-party SIS evaluation for plant safety provided by a company with global coverage and reputation. Earlier designs for process control and safety systems typically used "good engineering practices and experience" as their guidelines. As safety awareness evolved new standards started to evolve. International standards such as IEC 61508/61511 and U.S. born standards like ANSI/ISA84 require the use of more sophisticated guidelines for implementing safety. Unfortunately for manufacturers, compliance with IEC 61508 standards requires enormous documentation. In addition, more complex products require a greater depth of analysis. Software-based products such as those from Moore Industries are complex with their inherent programmable and flexible features unlike previous generation single function analog circuits.

Some companies are actively attempting to bypass the vital third party certification by proclaiming self certification to IEC 61508. This is not in the best interest of end users or the safety industry in general. Self certification is analogous as someone proclaiming compliance without third party testing on a hazardous area approval (such as Intrinsically-Safe).

Moore Industries has been working for many years with customers who require products for safety systems, including those compliant with worldwide safety standards such as ANSI/ISA 84 and IEC 61508/61511. To assist customers in determining if their instruments are appropriate for specific safety systems, Moore Industries has been providing Failure Modes, Effects and Diagnostic Analysis (FMEDA) reports for key products, and has been involved in the evolution of the IEC 61508 standard. As this standard has become more widely recognized and adopted by worldwide customers it was clear that end users were looking for products which had been designed to IEC 61508 from their initial concept. Customers are demanding not only compliance to the standards but verification from an independent third party agency such as TUVRheinland.

An Analysis of Whitelisting Security Solutions and Their Applicability in Control Systems
Author: Andrew Ginter, ISP, CIPS, CISSP, Chief Security Officer, Industrial Defender, Inc.
Posted: 02/26/2010
Whitelisting is described by its advocates as "the next great thing" that will displace anti-virus technologies as the host intrusion prevention technology of choice. Anti-virus has a checkered history in operations networks and control systems – many people have horror stories of how they installed anti-virus and so impaired their test system that they simply couldn't trust deploying it in production.

While anti-virus systems detect "bad" files that match signatures of known malware, whitelisting technologies identify "good" executables on a host and refuse to execute unauthorized or modified executables, presumably because such executables may contain malware. This is a least privilege approach of denying everything that is not specifically approved.

In this paper the Industrial Defender team performs an independent analysis of a variety of whitelisting solutions for their applicability to control systems. The paper closes with some recommendations related to this technology and areas for further research.

Lear more about Industrial Defender

An IT Perspective of Control Systems Security
Author: Andrew Ginter, ISP, CIPS, CISSP, Chief Security Officer, Industrial Defender, Inc.
Posted: 02/26/2010
Enterprises with industrial operations typically utilize at least two types of computer networks – Information Technology (IT) - a network that supports enterprise information system functions like finance, HR, order entry, planning, email and document creation; and Operational Technology (OT) - a network that controls operations in real-time. This second type of network supports realtime or control system products, generally referred to as Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), Energy Management Systems (EMS) or Manufacturing Execution Systems (MES), depending on the industry.

There has been much discussion and debate around the convergence between Information Technology (IT) and Operational Technology (OT). In an effort to provide better visibility and information flow between revenue generating OT assets and enterprise applications, these systems have often been interconnected, in many cases without properly securing the control systems from cyber attack first. If the IT and OT networks are interconnected, yet not properly secured, a breach to one network can easily transverse to the other, leaving the entire computing infrastructure at risk.

At first glance, interconnected IT and OT networks appear to share similar technologies and so a common approach to cyber-security might be indicated. However, upon deeper inspection, many important differences in IT and OT networks will be revealed. The unique characteristics of OT systems and networks preclude many traditional IT enterprise security products from operating safely without impairing operations, and when introduced, can provide significant disruption and downtime to these real-time, revenue generating assets.

This paper is intended to educate IT professionals on the unique requirements of operational technology and what is required to properly secure these networks from cyber attack, so that organizations can assure security, reliability and safety of information and revenue generating assets.

Learn more about Industrial Dedender

More White Papers »