Integrating safety requires attention to cyber security issues as well

Safety instrumented systems (SIS) demand integrator skills significantly more advanced than those required for the usual PLC project. A system integrator must be able to deliver a system proven to meet client requirements for the safety integrity level (SIL) of each safety instrumented function (SIF).

07/06/2010


Robust security systems that include defense-in-depth firewalls are increasingly critical to ensuring the safe operation of automated machinery and industrial control systems. (Source: Invensys Operations Management)

Safety instrumented systems (SIS) demand integrator skills significantly more advanced than those required for the usual PLC project. A system integrator must be able to deliver a system proven to meet client requirements for the safety integrity level (SIL) of each safety instrumented function (SIF). The integrator must also demonstrate the competency and qualifications to do SIS work.

The expertise required can extend far beyond just knowing how to program a SIS. For example, most safety systems need to have their communications functions integrated into the DCS communications infrastructure safely and securely. To do this, a system integrator must have the competency to configure and deploy the communications capabilities of the SIS and DCS.

Many integrators have some experience in this area because past projects have required them to set up communications to other intelligent systems at both the PLC level and the HMI level. Open standards like OPC Classic make it possible for integrators to work with a standard protocol that gives them greater flexibility. However, implementing via standards always involves certain risks.

Today’s projects also require system integrators to harden the communications integration by providing highly secure and robust systems. Cyber security is increasingly critical for maintaining control and safety integrity and for ensuring both communications security and integrity. Without it an integrator could deliver a system that could potentially experience a loss of view, or, worse, a loss of real-time data between the SIS and the DCS they are integrating. Meeting this challenge requires systems integrators to leverage the cyber security features of SIS and DCS, develop new tools, and develop new skill sets.

Leveraging cyber security features

In some cases, the systems integrator must work with the systems that are in place; in others, they might be involved in the selection of such systems. Systems must have communications and security solutions that are flexible enough to collaborate with a variety of third-party DCSs and easy enough to deploy so that the integrator can deliver the safety functions the client needs. It is also important that SIS functions are partitioned appropriately from the DCS functions so that a loss of communications or integrity will not prevent the safety system from performing its designed function, which is to keep the processes that require protection in a safe state.

Some SIS systems also self-police communications access. In one case, Invensys Operations Management (www.iom.invensys.com) collaborated with Byres Security (www.tofinosecurity.com), a cyber security firm, to add an OPC firewall to its Tricon Communications Modules (TCM). The firewall adds a layer of defense-in-depth that lets systems integrators enjoy the flexibility and integration benefits of OPC Classic without worrying about the security issues that have in the past been associated with DCOM-based systems.

“Past plant shutdowns, for example, haven’t been caused by hackers. Instead they were the result of badly configured software causing traffic storms that impacted critical controllers and other systems,” said Eric Byres, security expert and technical officer at Byres Security. “A reliable OPC firewall means that in addition to blocking hackers and viruses from accessing the safety system, integrators can deliver dynamic port management and built-in traffic-rate controls to prevent many basic network problems from spreading throughout a plant.”

The right tools

Sometimes meeting a client’s needs requires developing tools to augment vendor-supplied functionality. For example, Trinity Systems, a U.K.-based system integration firm experienced in safety systems integration, developed a remote viewer that takes advantage of the communications security features of the Triconex TCM and Triconex Firewall. The viewer gives the end user a simple and reasonably priced window into the SIS from the business or primary control networks, while the Triconex Tofino Firewall and the Triconex Communication Module’s on-board User Access Security Model ensure that it is a read-only window that can never impact the safety functionality. This combination of OPC-based accessibility with true defense-in-depth security lets Trinity provide cost-effective and secure access that would not have been possible even a year ago.

“Processors and manufacturers are continuously threatened by new and increasingly dangerous cyber attacks, which requires greater vigilance and security,” said Joe Scalia, portfolio architect, Invensys Operations Management. “An OPC firewall mitigates those risks by managing the traffic to and from the communications module, providing further assurance that a cyber incursion will not compromise integrated communications between the safety and critical control systems and supervisory HMI or distributed control systems.”

The right skills

Implementing the HMI portions of a safety system competently is also critical to securing communications between the SIS and the DCS. Communications integrity, including cybersecurity, must be ensured so that safety-based actions such as reads from the HMI to the safety system can be executed securely and without interruption.

Systems integrators today must be adept at securing transmission of controller real-time data and standard operating environment information as well as at adjusting control strategy parameters online, with full sensitivity to other system-based activities such as bypass management, SIL monitoring, safety alarm annunciation, and remote system diagnostics. In all of these, guaranteed viability of the communications capabilities ensures no loss of view or loss of data for the user.

More manufacturers seek to reduce costs by integrating safety and control systems. Opportunities abound for systems integrators who can meet these needs. Those who understand the cyber security features of control and safety systems, who develop tools to improve this integration, and who develop the right visualization and interoperability management competencies, will deliver their clients reliable and secure safety systems for the least cost.

Read more.

- Control Engineering Industrial Cyber Security blog;

- Automation cyber security research from Control Engineering; and

- Tofino security device.

- Neil Crompton is managing director, Trinity Systems Ltd.,  www.trinitysystems.com.


