No standard adequately addresses instrument failure modes for security and safety

Sept. 5, 2017

The Namur NE43 standard gives guidance on how a sensor fault can be indicated to a control system by means of the 4-20mA signal. However, it doesn’t address cyber security considerations.

Recently, the Automation & Control Engineering LinkedIn site asked the following question: Instrument Failure Mode- Fail High or Fail Low- Which Standard Covers This? Namur NE43 provides guidance on how a sensor fault can be indicated to a control system by means of the 4-20 mA signal. Namur 43 defines a sensor fault when the current is below 3.6 mA or above 21 mA. According to Namur 43, process control systems such as PLCs or DCSs can identify faulty sensors, and production can be adjusted or stopped to avoid production loss or off-spec product.

However, Namur 43 does not identify a sensor as faulted if its signal is still in the 4-20 mA range, even if the sensor is no longer working. There have been several cases where 4-20 mA sensors have failed within the 4-20 mA range but were not identified as failures. Additionally, there have been cases where the sensors hadn't failed, yet logic set them to failed conditions. The Bellingham, WA Olympic Pipeline rupture identified in http://www.controlglobal.com/blogs/unfettered/insecure-process-sensors-can-create-safety-security-and-resilience-vulnerabilities/ demonstrates how setting sensor values to a fixed "failed" condition can lead to Loss of Safety.

Because there is a lack of authentication and cyber security in the process sensors, and sensor protocols such as HART, Wireless HART, Profibus, and Fieldbus are cyber vulnerable, the existing approach set forth in Namur 43 may not be safe. As I am not aware of any cyber security or safety standard that addresses the impact of process sensor (4-20 mA analog or digital) cyber security and safety, sensors will be a significant point of discussion at the October 23-26 ICS Cyber Security Conference in Atlanta.

Joe Weiss
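
The gap described in the post, as an added example that is not the author's code and not part of NE43: a threshold check using the 3.6 mA and 21 mA limits quoted above passes a transmitter frozen mid-scale, while a supplementary flatline check flags it. The function names, the `window` and `min_spread_ma` parameters, and all sample readings are assumptions constructed for illustration.

```python
# Added example: fault thresholds as quoted in the post, plus a hypothetical
# flatline check for a transmitter that has stopped responding while in range.

FAULT_LOW_MA = 3.6    # below this is a sensor fault (value from the post)
FAULT_HIGH_MA = 21.0  # above this is a sensor fault (value from the post)

def ne43_fault(current_ma):
    """Return 'fail_low', 'fail_high' or None for one loop-current reading."""
    if current_ma < FAULT_LOW_MA:
        return "fail_low"
    if current_ma > FAULT_HIGH_MA:
        return "fail_high"
    return None

def flatlined(samples, window=10, min_spread_ma=0.005):
    """Assumed check: the last `window` readings move less than the noise
    floor expected from a live process (both parameters are illustrative)."""
    if len(samples) < window:
        return False
    recent = samples[-window:]
    return max(recent) - min(recent) < min_spread_ma

def assess(samples):
    """Threshold check on the newest reading first, then the flatline check."""
    fault = ne43_fault(samples[-1])
    if fault:
        return fault
    return "suspect_stuck_in_range" if flatlined(samples) else "ok"

# Constructed sample data (mA), not measurements from any real plant.
HEALTHY = [12.00, 12.03, 11.98, 12.05, 12.01, 11.97, 12.04, 12.02, 11.99, 12.06]
STUCK = [12.0] * 10                # frozen mid-scale: inside 4-20 mA
OPEN_LOOP = HEALTHY[:-1] + [0.0]   # broken wire: below 3.6 mA
SATURATED = HEALTHY[:-1] + [21.5]  # above 21 mA

if __name__ == "__main__":
    for name, data in [("healthy", HEALTHY), ("stuck", STUCK),
                       ("open loop", OPEN_LOOP), ("saturated", SATURATED)]:
        print(f"{name:10s} threshold={ne43_fault(data[-1])} combined={assess(data)}")
```

The flatline check only flags a value that has stopped moving; it does not authenticate the signal, so a reading that is wrong but still varies plausibly passes both checks.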

About the Author

Joe Weiss | Cybersecurity Contributor

Joe Weiss P.E., CISM, is managing partner of Applied Control Solutions, LLC, in Cupertino, CA. Formerly of KEMA and EPRI, Joe is an international authority on cybersecurity.
