Cyber security continues to be viewed by most people as data security with little potential impact on process safety. Because of my concern about the cyber security of Level 0,1 devices and process safety, I reviewed NAMUR 163 and provided comments to the Namur 163 committee. Like IEC62443-4-2 āTechnical Security Requirements for IACS Componentsā, neither document appears to adequately address the cyber security of Level 0,1 components (the same can be said for ISA84). I also reviewed the new brochure from the Texas A&M Mary Kay OāConnor Process Safety Center ā āProcess Safety for the 21st Century and Beyondā which was written for academia and industry. There is no mention of ICS cyber security.Ā This omission represents a potential gap in process safety (think of the recent cyber attack on the Triconex safety system). I will be giving the keynote January 25th at the Texas A&M Instrumentation and Automation Symposium where I hope to publicize this issue to the control and safety engineers that attend the Symposium. I am also hoping the new Texas A&M brochure will be modified to better address ICS cyber security.
Joe Weiss