Integrating safety requires attention to cyber security issues as well
Safety instrumented systems (SIS) demand integrator skills significantly more advanced than those required for the usual PLC project. A system integrator must be able to deliver a system proven to meet client requirements for the safety integrity level (SIL) of each safety instrumented function (SIF). The integrator must also demonstrate the competency and qualifications to do SIS work.
The expertise required can extend far beyond just knowing how to program a SIS. For example, most safety systems need to have their communications functions integrated into the DCS communications infrastructure safely and securely. To do this, a system integrator must have the competency to configure and deploy the communications capabilities of the SIS and DCS.
Many integrators have some experience in this area because past projects have required them to set up communications to other intelligent systems at both the PLC level and the HMI level. Open standards like OPC Classic make it possible for integrators to work with a standard protocol that gives them greater flexibility. However, implementing via standards always involves certain risks.
Today’s projects also require system integrators to harden the communications integration by providing highly secure and robust systems. Cyber security is increasingly critical for maintaining control and safety integrity and for ensuring both communications security and integrity. Without it an integrator could deliver a system that could potentially experience a loss of view, or, worse, a loss of real-time data between the SIS and the DCS they are integrating. Meeting this challenge requires systems integrators to leverage the cyber security features of SIS and DCS, develop new tools, and develop new skill sets.
Leveraging cyber security features
In some cases, the systems integrator must work with the systems that are in place; in others, they might be involved in the selection of such systems. Systems must have communications and security solutions that are flexible enough to collaborate with a variety of third-party DCSs and easy enough to deploy so that the integrator can deliver the safety functions the client needs. It is also important that SIS functions are partitioned appropriately from the DCS functions so that a loss of communications or integrity will not prevent the safety system from performing its designed function, which is to keep the processes that require protection in a safe state.
Some SIS systems also self-police communications access. In one case, Invensys Operations Management (www.iom.invensys.com) collaborated with Byres Security (www.tofinosecurity.com), a cyber security firm, to add an OPC firewall to its Tricon Communications Modules (TCM). The firewall enabled a layer of defense-in-depth that lets systems integrators enjoy the flexibility and integration benefit of OPC Classic without worrying about security systems that have in the past been associated with DCOM-based systems.
“Past plant shutdowns, for example, haven’t been caused by hackers. Instead they were the result of badly configured software causing traffic storms that impacted critical controllers and other systems,” said Eric Byres, security expert and technical officer at Byres Security. “A reliable OPC firewall means that in addition to blocking hackers and viruses from accessing the safety system, integrators can deliver dynamic port management and built-in traffic-rate controls to prevent many basic network problems from spreading throughout a plant.”
The right tools
Sometimes meeting a client’s needs requires developing tools to augment vendor-supplied functionality. For example, Trinity Systems, a U.K.-based system integration firm experienced in safety systems integration, developed a remote viewer that takes advantage of the communications security features of the Triconex TCM and Triconex Firewall. The viewer allows the end user to have a simple and reasonably priced window into the SIS from the business or primary control networks, while the Triconex Tofino Firewall and the Triconex Communication Module’s on-board User Access Security Model ensures that it is a read-only window that can never impact the safety functionality. This combination of OPC-based accessibility with true defense-in-depth security lets Trinity provide cost-effective and secure access that would not have been possible even a year ago.
“Processors and manufacturers are continuously threatened by new and increasingly dangerous cyber attacks, which requires greater vigilance and security,” said Joe Scalia, portfolio architect, Invensys Operations Management. “An OPC firewall mitigates those risks by managing the traffic to and from the communications module, providing further assurance that a cyber incursion will not compromise integrated communications between the safety and critical control systems and supervisory HMI or distributed control systems.”
The right skills
Implementing the HMI portions of a safety system competently is also critical to securing communications between the SIS and the DCS. Communications integrity, including cybersecurity, must be ensured so that safety-based actions such as reads from the HMI to the safety system can be executed securely and without interruption.
Systems integrators today must be adept at securing transmission of controller real-time data and standard operating environment information as well as at adjusting control strategy parameters online, with full sensitivity to other system-based activities such as bypass management, SIL monitoring, safety alarm annunciation, and remote system diagnostics. In all of these, guaranteed viability of the communications capabilities ensures no loss of view or loss of data for the user.
More manufacturers seek to reduce costs by integrating safety and control systems. Opportunities abound for systems integrators who can meet these needs. Those who understand the cyber security features of control and safety systems, who develop tools to improve this integration, and who develop the right visualization and interoperability management competencies, will deliver their clients reliable and secure safety systems for the least cost.
– Neil Crompton is managing director, Trinity Systems Ltd., www.trinitysystems.com.