The continuing lack of adequate cyber security consideration in process safety

Cyber security continues to be viewed by most people as data security with little potential impact on process safety. Because of my concern about the cyber security of Level 0,1 devices and process safety, I reviewed NAMUR 163 and provided comments to the Namur 163 committee. Like IEC62443-4-2 “Technical Security Requirements for IACS Components”, neither document appears to adequately address the cyber security of Level 0,1 components (the same can be said for ISA84). I also reviewed the new brochure from the Texas A&M Mary Kay O’Connor Process Safety Center – “Process Safety for the 21st Century and Beyond” which was written for academia and industry. There is no mention of ICS cyber security. This omission represents a potential gap in process safety (think of the recent cyber attack on the Triconex safety system). I will be giving the keynote January 25th at the Texas A&M Instrumentation and Automation Symposium where I hope to publicize this issue to the control and safety engineers that attend the Symposium. I am also hoping the new Texas A&M brochure will be modified to better address ICS cyber security.

Joe Weiss