Elsikkerhetskonferansen 2015
Safety and Security: Can they live together?
Marcel Castro (Ph.D.), Technical Safety & Reliability Engineer, IEC Young Professional 2014


Elsikkerhetskonferansen 2015, 11/30/2015

Agenda
• Background
• Safety Standards
• Security Standards
• Aligning Safety & Security: current activities and main findings
• Future Opportunities


Disclaimer
This presentation reflects the views of the author and should not be construed to represent the views of FMC Technologies.


Background
• Definitions
– Safety: freedom from risk which is not tolerable.
– Security: protection or defense against attack, interference, or espionage*.
– In the industrial control system scope, both aim to protect people, environment and assets.
• Both security and safety work are standard driven.
– Any model differences?
– A large and quite confusing area with many "standards".
RISK = Severity of HARM & Probability of Occurrence of that Harm (Source: ISO/IEC Guide 51)
* Does not cover physical security.


Industrial Control System (ICS) Operation (diagram)
• Human Machine Interface (HMI) and Remote Diagnostic and Maintenance connect to the Controller (set points, control algorithms, parameter constraints, process data).
• Controller → Actuators (manipulated variable) → Controlled Process (process inputs → process outputs).
• Sensors (controlled variables) → Controller.


Functional Safety Standards
• IEC 61508: Generic standard on functional safety
• IEC 61511: Process industry
• IEC 62061: Machinery
• IEC 61513: Nuclear
• ISO 26262: Automotive
• IEC 62278 / IEC 62425 / IEC 62269: Railway


Security Standards (figure; source: Hitachi Review Vol. 63 (2014))


IEC 62443: Four Categories (figure)


Aligning Safety & Security: Relationship

The relationship comes from the similarity of possible consequences.


Safety and Security Interactions
• Conditional dependency: fulfillment of safety requirements conditions security, or vice versa.
• Mutual reinforcement: fulfillment of safety requirements or safety measures contributes to security, or vice versa, thereby enabling resource optimization and cost reduction.
• Antagonism: when considered jointly, safety and security requirements or measures lead to conflicting situations.
• Independency: no interaction.
Source: Piètre-Cambacédès.


Aligning Safety & Security: Some Activities
• ISA99 WG7 & TG1
• ISA84 -> ISA84.00.09-2013
• IEC TC65 AHG1
• LOGIIC (Linking the Oil and Gas Industry to Improve Cybersecurity)


Main Findings
• Need to address cybersecurity throughout the entire lifecycle [ISA84.00.09-2013]
• Greater integration may introduce greater risk [LOGIIC]
• Default configurations are not secure [LOGIIC]
• Defense in depth is needed [LOGIIC]
• Clear guidance is needed [LOGIIC]
• Improvement of security does not require an improved SIL [ISA99 WG7 & TG1]
– But failure mode analysis is the common ground


IEC 61511: 2nd Edition
• IEC 61511 – Functional safety for the process industry sector
– 2nd Edition: planned Q1 2016
– New requirements containing security risk assessment (8.2.4).
– Need for a security risk assessment for the SIS and associated devices:
  · Description of identified threats that could exploit vulnerabilities and result in security events
  · Potential consequences and requirements for risk reduction
– This shall be considered for the different lifecycle phases (design, implementation, commissioning, operation and maintenance).
– Details on SIS security are found in ISA TR84.00.09, ISO/IEC 27001 and IEC 62443.


Cybersecurity Conformity Assessment
• Check to see if the product adheres to the standard
• Driver -> security, privacy, risk reduction
• Three-level CA necessary → industry automation sector
– Product level ← known risk protection
– Systems integration level ← design/process certification
– Asset owner's level ← maintenance process
+
– Personal competency certification
– Supply chain


IEC Conformity Assessment: Landscape (figure)
Schemes: IECEE, IECEx, IECQ, CYBER
Assessment scopes: Type test, Unit cert., Services, People, Process, Supply chain, Project, Life-cycle


Thank You
Marcel Castro (Ph.D.)
TS&R Engineer, FMC Technologies

[email protected]