The 2010 revision of IEC 61508 (Edition 2) raised important issues in the design and use of industrial safety systems. Changes that are now being widely implemented mean that designers and users who want full compliance must reconsider topics such as SIL targets and the transition from the Route 1H to the Route 2H approach for hardware safety integrity.
When a storage facility's tank level rises above safe limits, a logic solver that is part of a Safety Instrumented System (SIS) commands the final elements to bring the process back to a safe state. This can include shutting off feed to the tank by tripping the pump and closing the inlet valve. This white paper explores the options available to SIS designers of tank overfill protection systems that use a logic solver. It includes examples of system topologies and their associated Safety Integrity Level (SIL) calculations.
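The kind of calculation that paper describes, as an added example that is not taken from the white paper: the simplified IEC 61508-6 PFDavg formulas for 1oo1, 1oo2 and 2oo3 voting (constant failure rates, perfect proof testing, repair time neglected), the low-demand SIL bands, and the sum over sensor, logic solver and final element for a tank overfill loop. The failure rates, proof-test interval, common-cause factor and logic-solver figure are constructed for illustration, not vendor data.

```python
"""Simplified PFDavg and SIL-band calculation for a low-demand tank-overfill SIF.

Added example, not from the white paper. Uses the simplified IEC 61508-6
formulas (constant failure rates, perfect proof testing, MTTR neglected).
Failure-rate, beta and logic-solver values below are constructed.
"""

# Low-demand SIL bands from IEC 61508-1: lower bound inclusive, upper exclusive.
SIL_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}


def pfd_avg(arch, lambda_du, ti_hours, beta=0.0):
    """Average probability of failure on demand for one voted subsystem.

    arch: "1oo1", "1oo2" or "2oo3"; lambda_du: dangerous undetected failure
    rate per hour; ti_hours: proof-test interval; beta: common-cause fraction
    (beta-factor model, only meaningful for redundant architectures).
    """
    x = lambda_du * ti_hours
    if arch == "1oo1":
        return x / 2
    if arch == "1oo2":
        return (x ** 2) / 3 + beta * x / 2
    if arch == "2oo3":
        return x ** 2 + beta * x / 2
    raise ValueError(f"unsupported architecture {arch!r}")


def sil_from_pfd(pfd):
    """Map a PFDavg to its low-demand SIL band (0 = does not reach SIL 1)."""
    if pfd >= 1e-1:
        return 0
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfd < hi:
            return sil
    return 4  # below 1e-5: the hardware-only figure is beyond the SIL 4 band


def sif_pfd(subsystems):
    """A SIF's PFDavg is the sum of its sensor, logic-solver and final-element PFDs."""
    return sum(subsystems.values())


def overfill_sif(sensor_arch, beta=0.05):
    """Constructed tank-overfill loop: level sensing in the given architecture,
    a logic solver with an assumed FMEDA figure, and a 1oo2 final element
    (pump trip plus inlet valve closure, either one stops the feed)."""
    subsystems = {
        "level_sensor": pfd_avg(sensor_arch, 5e-7, 8760, beta),   # 500 FIT DU, yearly test
        "logic_solver": 5e-6,                                    # assumed vendor FMEDA value
        "final_element": pfd_avg("1oo2", 1e-6, 8760, beta),      # 1000 FIT DU per device
    }
    total = sif_pfd(subsystems)
    return total, sil_from_pfd(total)


if __name__ == "__main__":
    for arch in ("1oo1", "1oo2"):
        total, sil = overfill_sif(arch)
        print(f"sensor {arch}: loop PFDavg={total:.2e} -> SIL {sil}")
```

With these constructed numbers a single level transmitter leaves the loop at SIL 2 and a 1oo2 pair lifts it to SIL 3; note that in the 1oo2 sensor term the common-cause contribution (beta * x / 2) is more than an order of magnitude larger than the independent-failure term, which is why beta, not the number of transmitters, usually decides whether redundancy buys a SIL level. The bands are a hardware-integrity check only; architectural constraints and systematic capability also have to be met.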
This Control Essentials Guide is the first in a continuing series of interactive PDFs by the editors of Control. Essentials of Safety Instrumented Systems is designed to provide process industry professionals with an up-to-date, top-level understanding of the most important SIS issues. From fundamental concepts and terminology to the ongoing debate over integrated vs. stand-alone safety systems, get up to speed quickly on the key technology and marketplace drivers.
Industrial control networks are highly vulnerable both to targeted remote attacks and to untargeted, self-propagating malware. With threats to these networks increasing in complexity and scope, decision makers need to take action before it is too late.
- What the 3S CoDeSys vulnerabilities are and what an attacker can do with them
- How to find out what control/SCADA devices are affected
- The risks and potential consequences to SCADA and control systems
- The compensating controls that will help block known attack vectors
A number of security vulnerabilities in the CoDeSys Control Runtime System were disclosed in January 2012. In October 2012, fully functional attack tools were also released to the general public.
While CoDeSys is not widely known in the SCADA and ICS field, its runtime is embedded in many popular PLCs and industrial controllers. Products from many vendors are potentially vulnerable, including devices used in every sector of manufacturing and infrastructure. As a result, there is a risk that criminals or political groups may attempt to exploit them for financial or ideological gain.
This White Paper summarizes the currently known facts about these vulnerabilities and associated attack tools. It also provides guidance regarding a number of mitigations and compensating controls that operators of SCADA and ICS systems can take to protect critical operations.
Flameproof enclosure (Ex d) and intrinsic safety (Ex i) are very common equipment protection methods in process automation. One reason to choose Ex d has been that it can deliver power levels that Ex i could not. That limitation has been removed by the introduction of intrinsically safe, dynamic arc-prevention methods such as DART or Power-i. This white paper shows that when intrinsic safety is used, installation, maintenance and inspection costs are reduced.
This paper addresses decision makers and professionals responsible for automation systems in hazardous areas. A good understanding of the principles of explosion protection is required.
Interested in protection methods for hazardous locations in your plant? Download the complimentary e-book "Explosion Protection and Intrinsic Safety 101," to understand hazardous locations and protection methods. Learn about intrinsic safety from industry leaders.
The Engineer's Guide is an invaluable reference tool with comprehensive information on technologies, products and technical data. It contains everything you need to know about intrinsic safety technology, hazardous locations, surge protection, HART interface solutions, and signal conditioning.
Critical infrastructure sites and facilities are becoming increasingly dependent on interconnected physical and cyber-based real-time distributed control systems (RTDCSs). A mounting cybersecurity threat results from the nature of these ubiquitous and sometimes unrestrained communications interconnections.
This application note describes how to use the Tofino Industrial Security Solution to prevent the spread of the Stuxnet worm in both Siemens and non-Siemens network environments.
What is Stuxnet?
Stuxnet is a computer worm designed to target one or more industrial systems that use Siemens PLCs. The objective of this malware appears to be to destroy specific industrial processes.
Stuxnet will infect Windows-based computers on any control or SCADA system, regardless of whether or not it is a Siemens system. The worm only attempts to make modifications to controllers that are model S7-300 or S7-400 PLCs. However, it is aggressive on all networks and can negatively affect any control system. Infected computers may also be used as a launch point for future attacks.
How Stuxnet Spreads
Stuxnet is one of the most complex and carefully engineered worms ever seen. It takes advantage of at least four previously unknown vulnerabilities, has multiple propagation processes and shows considerable sophistication in its exploitation of Siemens control systems.
A key challenge in preventing Stuxnet infections is the large variety of techniques it uses for infecting other computers. It has three primary pathways for spreading to new victims:
- via infected removable USB drives;
- via Local Area Network communications;
- via infected Siemens project files
Within these pathways, it takes advantage of seven independent mechanisms to spread to other computers.
Stuxnet also has a P2P (peer-to-peer) networking system that automatically updates all installations of the Stuxnet worm in the wild, even if they cannot connect back to the Internet. Finally, it has an Internet-based command and control mechanism that is currently disabled, but could be reactivated in the future.
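Of the three pathways above, the one a zone firewall such as the Tofino can actually cut is the LAN one. The following is an added example, not Tofino's configuration and not part of the application note: a small first-match, default-deny policy evaluator that contrasts a flat, permissive network with a hardened rule set that whitelists only the S7 programming and HMI traffic a PLC zone needs. The port numbers are standard (TCP 102 for ISO-TSAP/S7, TCP 135/139/445 for MS-RPC and SMB); that Stuxnet reaches other Windows hosts on a LAN through SMB and RPC services comes from public analyses of the worm, not from the note. Zone addresses and the traffic sample are constructed.

```python
"""Zone firewall policy check: permissive (flat LAN) versus hardened rule set.

Added example, not Tofino's configuration or the application note's content.
Zones, addresses and the traffic sample below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    src: str        # CIDR of the originating zone
    dst: str        # CIDR of the destination zone
    proto: str      # "tcp", "udp" or "any"
    dports: tuple   # destination ports; () means any port
    action: str     # "allow" or "deny"


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str
    dport: int


ENG_WS = "10.10.1.0/24"      # engineering workstations running Step 7 (constructed)
HMI = "10.10.2.0/24"         # operator stations (constructed)
PLC_ZONE = "10.20.0.0/24"    # S7-300/S7-400 controllers (constructed)
OFFICE = "192.168.0.0/16"    # business LAN (constructed)

# Weak state: no segmentation, any host may reach any other on any port.
PERMISSIVE = [Rule("0.0.0.0/0", "0.0.0.0/0", "any", (), "allow")]

# Hardened: whitelist the protocol each zone legitimately needs toward the PLCs,
# deny the Windows RPC/SMB ports used for lateral movement everywhere,
# and let the implicit deny drop everything else.
HARDENED = [
    Rule(ENG_WS, PLC_ZONE, "tcp", (102,), "allow"),               # Step 7 programming, ISO-TSAP
    Rule(HMI, PLC_ZONE, "tcp", (102,), "allow"),                  # HMI polling via S7
    Rule("0.0.0.0/0", "0.0.0.0/0", "tcp", (135, 139, 445), "deny"),  # MS-RPC / SMB
    Rule(OFFICE, PLC_ZONE, "any", (), "deny"),                    # business LAN never reaches PLCs
]


def evaluate(rules, flow):
    """First-match evaluation with an implicit deny, as zone firewalls behave."""
    src = ip_address(flow.src_ip)
    dst = ip_address(flow.dst_ip)
    for r in rules:
        if src not in ip_network(r.src):
            continue
        if dst not in ip_network(r.dst):
            continue
        if r.proto != "any" and r.proto != flow.proto:
            continue
        if r.dports and flow.dport not in r.dports:
            continue
        return r.action
    return "deny"


def audit(rules, flows):
    """Return {flow: action} so a policy can be checked against a traffic sample."""
    return {f: evaluate(rules, f) for f in flows}


# Constructed traffic sample: legitimate programming and HMI polling, plus the
# SMB/RPC connections an infected Windows host would attempt toward its neighbours.
SAMPLE = [
    Flow("10.10.1.5", "10.20.0.10", "tcp", 102),     # engineering WS -> PLC, S7
    Flow("10.10.2.7", "10.20.0.10", "tcp", 102),     # HMI -> PLC, S7
    Flow("10.10.2.7", "10.10.1.5", "tcp", 445),      # HMI -> engineering WS, SMB
    Flow("192.168.4.9", "10.10.1.5", "tcp", 135),    # office -> engineering WS, RPC
    Flow("192.168.4.9", "10.20.0.10", "tcp", 102),   # office host speaking S7
]

if __name__ == "__main__":
    for name, policy in (("permissive", PERMISSIVE), ("hardened", HARDENED)):
        print(name)
        for flow, action in audit(policy, SAMPLE).items():
            print(f"  {flow.src_ip} -> {flow.dst_ip}:{flow.dport}/{flow.proto}: {action}")
```

Under the permissive policy all five flows pass; under the hardened one only the two S7 sessions do. Two caveats a practitioner should keep in mind: the engineering workstation that is allowed through on TCP 102 is exactly the host Stuxnet wants to reach, so a firewall does nothing against the USB and infected-project-file pathways listed above, and those still need removable-media control and project-file hygiene on the workstation itself.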
A complete alarm philosophy document (APD) covers all the elements, including design principles, KPIs and escalation policies. Creating an APD to outline these elements is the first step in a successful alarm management project. This paper provides an overview for the essential elements for a complete APD.
The date of January 1, 2005 sits vividly in the minds of manufacturers within the industrial control panel field. That's because that's the day when the National Fire Protection Association's (NFPA) National Electrical Code (NEC) 2005 Article 409 officially went into effect. The code required that short circuit current rating be clearly marked on the industrial control panels in order to be inspected and approved. The markings made it easier to verify proper over-current protection against hazards such as fires and shocks on components or equipment, whether it be for initial installation or relocation. It was the beginning of an era when things would become a little more complicated, but for all the right reasons of ensuring more safety within the industrial world.
The NFPA's stated mission is to reduce the burden of fire and other hazards on quality of life by developing and advocating scientifically based consensus codes and standards, research, training and education. These codes and standards were established to minimize both the likelihood and the effects of fire and other risks. Misinterpretations, inconsistencies and advances in technology over the years have required the NFPA to keep updating its codes so that they remain consistent with one another and with current practice.
This paper therefore looks at the changes introduced by Article 409, the impact they had, who was affected by the code and how to comply with it. Similar requirements had existed before, but they were vague enough that they were easily circumvented.
The biggest change in the article was the new set of requirements for industrial machinery electrical panels, industrial control panels, some HVAC equipment, meter disconnect switches and various motor controllers. This paper concentrates on industrial control panels, defined as assemblies rated for 600 V or less and intended for general use. In short, the article requires that these products have a safe design and be clearly marked with specific information about their Short Circuit Current Rating (SCCR), to aid the design, construction, installation and inspection of the panels. Users can then reference and apply the requirements to new products and installations as well as to modifications of existing ones.
Despite the heightened concern for energy infrastructure security, driven in part by growing threats from international terrorism and piracy, mitigating physical security risks in the world's energy-producing regions is a challenge that governments and companies have grappled with for decades. The paper discusses key requirements for an effective platform security strategy and describes the latest technology enabling an integrated security management system.
Ethernet is the most prevalent LAN technology worldwide, offering the benefits of standardization, low-cost components and high-performance switching. It is easy to configure and install, and it has migrated from the office environment onto the factory floor for automation and industrial control. However, while corporate and industrial Ethernet networks have much in common, there are crucial differences a system integrator should be aware of. Download this white paper to learn how to assess the three most important areas of an Ethernet network: the network itself, the electrical signals and the cabling infrastructure.
As production runs ever closer to equipment and facility operating limits and new plants come on line in expanding and developing economies, the pressure to design and operate systems more safely and economically is increasing. A key to meeting this goal is having competent people who are knowledgeable and experienced in applying the IEC 61508 and IEC 61511 / ISA 84 functional safety standards. To develop and measure an individual's safety engineering competence, several personnel functional safety certification programs have been created. This paper will discuss why these programs are needed and the benefits they deliver to individuals and companies alike. It will also review the characteristics and differences of the various certification programs on the market today, things to watch out for, and some important questions to ask when selecting a certification program.
Moore Industries believes it is vitally important that third-party SIS evaluation for plant safety be provided by a company with global coverage and reputation. Earlier designs for process control and safety systems typically used "good engineering practices and experience" as their guidelines. As safety awareness grew, new standards emerged. International standards such as IEC 61508/61511 and U.S.-born standards such as ANSI/ISA84 require more rigorous guidelines for implementing safety. For manufacturers, compliance with IEC 61508 requires extensive documentation, and more complex products require a greater depth of analysis. Software-based products such as those from Moore Industries are complex because of their programmable and flexible features, unlike the single-function analog circuits of previous generations.
Some companies are actively attempting to bypass this vital third-party certification by proclaiming self-certification to IEC 61508. This is not in the best interest of end users or the safety industry in general. Self-certification is analogous to someone claiming compliance with a hazardous area approval (such as intrinsic safety) without third-party testing.
Moore Industries has been working for many years with customers who require products for safety systems, including those compliant with worldwide safety standards such as ANSI/ISA 84 and IEC 61508/61511. To help customers determine whether its instruments are appropriate for specific safety systems, Moore Industries has been providing Failure Modes, Effects and Diagnostic Analysis (FMEDA) reports for key products, and has been involved in the evolution of the IEC 61508 standard. As the standard has become more widely recognized and adopted worldwide, it became clear that end users were looking for products that had been designed to IEC 61508 from their initial concept. Customers are demanding not only compliance with the standards but verification by an independent third-party agency such as TÜV Rheinland.