Integrating safety requires attention to cyber security issues as well

Safety instrumented systems (SIS) demand integrator skills significantly more advanced than those required for the usual PLC project. A system integrator must be able to deliver a system proven to meet client requirements for the safety integrity level (SIL) of each safety instrumented function (SIF).

07/06/2010


Robust security systems that include defense-in-depth firewalls are increasingly critical to ensuring the safe operation of automated machinery and industrial control systems. (Source: Invensys Operations Management)

Safety instrumented systems (SIS) demand integrator skills significantly more advanced than those required for the usual PLC project. A system integrator must be able to deliver a system proven to meet client requirements for the safety integrity level (SIL) of each safety instrumented function (SIF). The integrator must also demonstrate the competency and qualifications to do SIS work.

The expertise required can extend far beyond just knowing how to program a SIS. For example, most safety systems need to have their communications functions integrated into the DCS communications infrastructure safely and securely. To do this, a system integrator must have the competency to configure and deploy the communications capabilities of the SIS and DCS.

Many integrators have some experience in this area because past projects have required them to set up communications to other intelligent systems at both the PLC level and the HMI level. Open standards like OPC Classic make it possible for integrators to work with a standard protocol that gives them greater flexibility. However, implementing via standards always involves certain risks.

Today’s projects also require system integrators to harden the communications integration by providing highly secure and robust systems. Cyber security is increasingly critical for maintaining control and safety integrity and for ensuring both communications security and integrity. Without it, an integrator could deliver a system that experiences a loss of view or, worse, a loss of real-time data between the SIS and the DCS being integrated. Meeting this challenge requires system integrators to leverage the cyber security features of the SIS and DCS, develop new tools, and develop new skill sets.

Leveraging cyber security features

In some cases, the systems integrator must work with the systems that are in place; in others, they might be involved in the selection of such systems. Systems must have communications and security solutions that are flexible enough to collaborate with a variety of third-party DCSs and easy enough to deploy so that the integrator can deliver the safety functions the client needs. It is also important that SIS functions are partitioned appropriately from the DCS functions so that a loss of communications or integrity will not prevent the safety system from performing its designed function, which is to keep the processes that require protection in a safe state.

Some SIS systems also self-police communications access. In one case, Invensys Operations Management (www.iom.invensys.com) collaborated with Byres Security (www.tofinosecurity.com), a cyber security firm, to add an OPC firewall to its Tricon Communications Modules (TCM). The firewall adds a layer of defense-in-depth that lets systems integrators enjoy the flexibility and integration benefits of OPC Classic without worrying about the security issues that have in the past been associated with DCOM-based systems.

“Past plant shutdowns, for example, haven’t been caused by hackers. Instead they were the result of badly configured software causing traffic storms that impacted critical controllers and other systems,” said Eric Byres, security expert and technical officer at Byres Security. “A reliable OPC firewall means that in addition to blocking hackers and viruses from accessing the safety system, integrators can deliver dynamic port management and built-in traffic-rate controls to prevent many basic network problems from spreading throughout a plant.”

The right tools

Sometimes meeting a client’s needs requires developing tools to augment vendor-supplied functionality. For example, Trinity Systems, a U.K.-based system integration firm experienced in safety systems integration, developed a remote viewer that takes advantage of the communications security features of the Triconex TCM and Triconex Firewall. The viewer gives the end user a simple and reasonably priced window into the SIS from the business or primary control networks, while the Triconex Tofino Firewall and the Triconex Communication Module’s on-board User Access Security Model ensure that it is a read-only window that can never impact the safety functionality. This combination of OPC-based accessibility with true defense-in-depth security lets Trinity provide cost-effective and secure access that would not have been possible even a year ago.

“Processors and manufacturers are continuously threatened by new and increasingly dangerous cyber attacks, which requires greater vigilance and security,” said Joe Scalia, portfolio architect, Invensys Operations Management. “An OPC firewall mitigates those risks by managing the traffic to and from the communications module, providing further assurance that a cyber incursion will not compromise integrated communications between the safety and critical control systems and supervisory HMI or distributed control systems.”

The right skills

Implementing the HMI portions of a safety system competently is also critical to securing communications between the SIS and the DCS. Communications integrity, including cybersecurity, must be ensured so that safety-based actions such as reads from the HMI to the safety system can be executed securely and without interruption.

Systems integrators today must be adept at securing transmission of controller real-time data and standard operating environment information as well as at adjusting control strategy parameters online, with full sensitivity to other system-based activities such as bypass management, SIL monitoring, safety alarm annunciation, and remote system diagnostics. In all of these, guaranteed viability of the communications capabilities ensures no loss of view or loss of data for the user.

More manufacturers seek to reduce costs by integrating safety and control systems. Opportunities abound for systems integrators who can meet these needs. Those who understand the cyber security features of control and safety systems, who develop tools to improve this integration, and who develop the right visualization and interoperability management competencies, will deliver their clients reliable and secure safety systems for the least cost.


- Neil Crompton is managing director, Trinity Systems Ltd., www.trinitysystems.com.


