In the process of designing safety systems, an integrated approach to safety and cybersecurity analysis is necessary. The paper describes a new technique for increasing resilience through integrated analysis of functional safety and cybersecurity. It is a modeling methodology based on the combination of the multifactor method utilizing modified risk graphs, used previously for Safety Integrity Level (SIL) assessment, and the Non-Functional Requirements (NFR) approach. The NFR approach, based on the analysis of a graphical representation of the conceptual and physical components of the system, contributes a technique for including cybersecurity through the Softgoal Interdependency Graph. The assessment methodology is outlined in detail and applied to a case study involving an industrial control system. The analysis turns out to be effective in both aspects: it confirms the findings of the multifactor approach based on modified risk graphs, and it complements the traditional analysis by using NFR to discover and mitigate security vulnerabilities relevant to SIL assessment, thereby increasing resilience.
In the study, the functional safety of the hydraulic drive control system of a tracked undercarriage used as a mobile platform for a robotic bricklaying system (RBS) was evaluated. Hazards and risks caused by the hydraulic drive control system of the rubber track undercarriage were identified. The schematic diagram and main components of the conventional hydraulic drive control system of a tracked undercarriage are presented. The functions and parameters of the components of the hydraulic power and control system are discussed. In a conventional hydraulic drive, the safety function is fulfilled by failsafe brakes built into the hydraulic motors. To ensure that the RBS works safely on the construction site, it was necessary to introduce an advanced safe control system for the hydraulic drive of the tracked undercarriage. An advanced safe control system for the hydraulic drive of the tracked undercarriage includes hydraulic control valves with safety functions, a category 3 safe two-channel control architecture, and a safety microcontroller. SISTEMA software tools were utilized to determine safety functions and calculate their specifications. Based on the specifications of the safety function associated with the category of safety control architecture, the achievable performance level of the hydraulic drive control system for the tracked chassis was determined.
This chapter addresses selected issues concerning the shaping of resilience of industrial automation and control systems (IACS). Such systems nowadays play a key role in the safety and security of hazardous industrial installations and critical infrastructure networks, and they present a considerable attack surface. Productivity, safety, and security management is becoming more and more challenging due to dynamic changes in business conditions, limited access to energy sources at acceptable costs, adverse environments, pandemic consequences, difficulties in maintaining reliable and timely supply chains, etc. In a situation of significant uncertainty and interrelated systems, a reasonable approach to achieving the adopted goals is to elaborate a rational strategy of sustainable development, combined with shaping the resilience of the relevant systems throughout their life cycle. This concerns any organisation that governs, for instance, an industrial company and its manufacturing system, or a state institution responsible for critical infrastructure development. In this chapter, shaping the operational resilience of industrial control systems with regard to basic functional safety and cybersecurity requirements is outlined.
This chapter addresses selected issues of strategic resilience of Industry 4.0 process installations and critical infrastructure systems that are designed and operated using converged OT/IT/CT technologies (operational technology/information technology/cloud technology) for effective business management in a changing and uncertain environment. Two kinds of strategic resilience are distinguished: (I) the resilience of business processes, to be evaluated and supported in industrial practice by applying, e.g., a business continuity management (BCM) methodology, and (II) the resilience related to safety and security technologies. Selected issues of these two areas of overall resilience are discussed in relation to current references and reports. In area (II), the resilience of industrial automation and control systems (IACS) is emphasized; it includes the requirements imposed on functional safety (FS) and cybersecurity (CS) solutions, which are to be designed according to the defence in depth (DinD) concept using defined protection layers (PL). Responsible tasks in abnormal and accident situations are executed by human operators who make use of an alarm system (AS) and its interface within the overall human system interface (HSI). The human error probability (HEP) for the relevant human operator behaviour type is evaluated using a human cognitive reliability (HCR) model. It is concluded that the resilience engineering (RE) concept is useful, but additional research effort is needed to develop integrated approaches and tools for supporting real engineering and organisational issues of strategic resilience.
This chapter addresses a business continuity management (BCM) framework for Industry 4.0 companies, including the organizational and technical solutions regarding the dependability and security of information and communication technology (ICT) and of the industrial control system (ICS)/supervisory control and data acquisition (SCADA) system. These technologies and systems nowadays play important roles in modern advanced manufacturing systems and process plants due to their openness to external systems and networks using various communication channels. On the one hand, this gives some advantages in the effective realization of technological and business processes, logistics and the distribution of goods; on the other hand, it makes the company's assets and resources potentially vulnerable to threats with the associated risks. The chapter outlines some ideas related to designing a business continuity management system (BCMS) based on defined processes and procedures. Such a system includes planning of changes in the organization/industrial company, handling of nonconformity issues, and planning of corrective actions. In the final part of this chapter, the importance of leadership, staff awareness and responsibility is emphasized, in order to create a robust and healthy corporate culture based on accepted values that are properly spread among the employees. This is beneficial for shaping a good organizational culture, and consequently a safety and security culture. The BCM approach outlined in this chapter distinguishes both preventive and recovery activities, following suggestions in selected international standards and domain publications.
An approach to solving the problem of analysing and improving the functional safety of cyber-physical control systems for distributed continuous objects is proposed. A model of a one-level cyber-physical coordination control system was developed, the sources of hazards were analysed, and the probability of a dangerous operating mode was estimated.
The problem of safety in Industry 4.0 production systems is multidimensional. New technologies generate new types of hazards, but at the same time make it possible to build more effective safety systems. In modern machines, control systems play an increasingly important role in ensuring the safety of their operators. A side effect of this is the emergence of new hazards related to unauthorized interference with information systems. When designing such systems, one must take into account the possibility of faults and failures that may cause hazards for machine operators. This means that the risk assessment must also take into account the possible adverse effects of potential attacks on the integrity of control systems performing safety functions. The first standardization document that discusses aspects of machine safety that can be affected by IT security attacks, related to direct or remote access to and manipulation of safety-related control systems by individuals for intentional misuse, is the guide ISO/TR 22100-4:2018. The problem of data protection in computer-based machine control systems is currently completely neglected by their designers due to the lack of an accessible risk assessment methodology for this aspect. The development of such a methodology will significantly improve the process of designing protections appropriate to the level of risk. The article discusses the main issues that should be taken into account when including the risk of cyber attack in the process of assessing the risks associated with operating machinery.
This chapter addresses the systems engineering approach to integrated functional safety and cybersecurity analysis and management with regard to selected references, standards and requirements concerning critical installations and their industrial automation and control systems (IACS). The objective is to mitigate the vulnerability of industrial installations that include information technology (IT) and operational technology (OT), in order to reduce the relevant risks. This approach includes verifying the safety integrity level (SIL) of defined safety functions, and then checking the level obtained while taking into account the security assurance level (SAL) of a particular domain, such as a safety related control system (SRCS), in which a given safety function is to be implemented. The SAL is determined based on a vector of fundamental requirements (FRs). The method proposed uses defined risk graphs for individual and/or societal risk, together with relevant risk criteria, to determine the SIL required of a given safety function, and probabilistic models to verify the SIL achievable for the SRCS architecture to be designed and then implemented in an industrial installation.
The Communication-based Train Control (CBTC) system is a widely used signalling system. There is an increasing demand for innovating the traditional ground-centric architecture. With the application of train-to-train communication, object control and other advanced techniques, the Train-centric CBTC (TcCBTC) system is expected to be the most promising direction for train control systems. The safe tracking interval would be reduced, as would the life-cycle costs. Formal methods play an essential role in the development of safety-critical systems, providing an early integration of the verifiable design process. In this paper, the architecture design of TcCBTC is first analysed. The official system specification of TcCBTC has not yet been issued, so effort is required to perform a systematic summary of the functional requirements. Secondly, we propose an integrated framework that combines Colored Petri Net (CPN) models with the functional safety verification of the underlying systems. Functional safety depends on logical correctness and is a part of overall safety. The framework also specifies what kinds of functions, behaviours or properties need to be verified. The train control procedure of TcCBTC is regarded as the link among the new functional modules, and is therefore chosen as the modelling content. Thirdly, the scenarios and the colour sets are prepared. Models are established with a top-down design approach. Simulation and testing are performed during model construction to discover obvious errors. Lastly, model checking by state space is performed, and all possible states are checked in detail. Standard behavioural properties and other user-defined properties are verified by the state space report and by ASK-CTL (Computation Tree Logic) queries, respectively. The verification results show that the models reasonably depict the dynamic behaviour of the train control procedure. The functional safety properties are satisfied, and the models are prepared for further drafting of the system functional specification.
This article addresses integrated functional safety and cybersecurity analysis with regard to the generic functional safety standard IEC 61508 and the cybersecurity standard IEC 62443 concerning industrial automation and control systems (IACS). The objective is to mitigate the vulnerability of information technology (IT) and operational technology (OT) systems, and to reduce the relevant risks taking into account a set of fundamental requirements (FRs). A method is proposed for determining and verifying the performance level (PL) or the safety integrity level (SIL) of defined safety functions, and then validating these levels depending on the security level (SL) of a particular domain, e.g. a safety related control system (SRCS). The method is general in the sense that it is based on risk graphs prepared for individual risk and/or societal/group risk with regard to the criteria defined.
Even the best technology will be ineffective if not used appropriately; therefore, education and training in cybersecurity principles and programs are essential components of any cybersecurity strategy. This article presents selected models from decision support theory from the point of view of cybersecurity education. An analysis of the scientific literature and of the available research results serves as a basis for characterizing approaches to raising decision-makers' awareness of potential cyber threats, developing appropriate attitudes, and promoting the conscious use of information systems and digital resources. The main part of the article is devoted to the use of teaching methods that increase the involvement of learners. It also describes examples of selected game theory models used in IT security education, including examples of simulation games dedicated to decision-making in the domain of IT security.
This article addresses functional safety assessment procedures with cybersecurity aspects in critical industrial installations with regard to the functional safety requirements specified in the standards IEC 61508 and IEC 61511. Functional safety management includes hazard identification, risk analysis and assessment, specification of overall safety requirements and definition of safety functions. Based on the risk assessment results, the safety integrity level (SIL) is determined for the consecutive safety functions. These functions are implemented within the industrial control system (ICS) and/or the distributed control system (DCS), which consists of the basic process control system (BPCS) and/or the safety instrumented system (SIS). The determination of the required SIL, related to the required risk mitigation, is based on a semi-quantitative evaluation method. Verification of the SIL for the considered architectures of the BPCS and/or the SIS is supported by probabilistic models with appropriate data and model parameters, including cybersecurity related aspects. The proposed approach is illustrated on the example of critical industrial installations.
The work is devoted to important issues of functional safety analysis in the management of maritime critical infrastructure, in particular the safety integrity level (SIL) verification of safety functions to be implemented within distributed control and protection systems with regard to cybersecurity aspects. A method based on quantitative and qualitative information is proposed for SIL verification (IEC 61508, IEC 61511) with regard to the evaluation assurance levels (EAL) (ISO/IEC 15408), the security assurance levels (SAL) (IEC 62443), and the number of protection rings described in the Secure Safety (SeSa-SINTEF) methodology. The proposed approach is composed of the following items: process and procedure based safety and cybersecurity management, and integrated safety and security assessment of the industrial control system (ICS) of the maritime critical infrastructure. The proposed methodology is illustrated on a case study based on part of a critical maritime infrastructure installation.
This report addresses selected methodological aspects of proactive reliability, functional safety and cybersecurity management in the life cycle of industrial automation and control systems (IACS) in hazardous plants and oil port critical installations, based on the analysis of relevant hazards/threats and the evaluation of the related risks. In addition, the insurance company's point of view is also considered, because nowadays the insurer, interested in decreasing the risks to be insured, offers expertise on how to limit risks effectively throughout the life cycle, from the conceptual design stage of a hazardous plant, through its reliable and safe operation, until decommissioning. Therefore, the risk evaluation model for insurance related decision making for the period considered, e.g. one year, should be plant specific, with some predictive properties due to the changing environment and business conditions, and the usually considerable uncertainty involved. The objective is to evaluate and mitigate risks, and to control them proactively, by undertaking appropriate activities within a process based management system according to an elaborated policy and strategy that includes organisational and technical aspects, including preventive maintenance of sensitive equipment and timely updating of training programmes. Careful evaluation and control of risks is also crucial for the insurance company. The basic activities of risk engineers and underwriters in the insurance process are outlined in the context of the identified hazards/threats and the defined factors that significantly influence the risks to be considered when evaluating the insurance premium under the specified terms and conditions.
Practical guidelines concerning the design of PEE equipment with the aim of ensuring functional safety are described. They are based on the experience gathered during the implementation of SIL certification at IASE Sp. z o.o. The main issues of separating the physical and software layers are discussed, and design requirements for these layers are given. Finally, general methods for the validation of the designed PEE equipment are determined.
Safety engineering has become a challenging and rewarding career field in the present age of rapid technological and scientific advances. But how can students' awareness of the legal and regulatory requirements introduced by safety organizations and government agencies be raised? The aim of this paper is to show how successful cooperation between professionals in the field of safety engineering, especially functional safety, and experienced university language teachers can boost student motivation and inspire students to face the social and industrial needs of changing business environments. We will try to show that a tailor-made course provides students with effective information about the subject, source material and vocabulary from the field of safety engineering. It will also enable students to use this knowledge to respond to hazards and accidents. It will teach them to take independent decisions in emergency situations and prepare them to feel comfortable in global business.
Typically, railways have developed over time. When new technical systems became available, they were adapted and integrated into the existing system. Usually, this also led to adapted or changed operational rules. However, there was never a structured and systematic approach to the development of operational rules, at least not in Germany. It is very difficult to get a comprehensive overview of today's rules and also to estimate and compare the effect of significant changes. One concrete significant change is the necessity of hardening railway operations against possible IT security threats in modern railway IT systems. We realized that, in order to have an approach which can evaluate, adapt, develop, trace and manage operational rules systematically, a new multipurpose generic framework is needed. In this paper, we focus on introducing a multipurpose generic framework and its use for developing systematic railway operational rules. The work in this paper is part of our ongoing research project SysRULES (2017-2019), which is funded by the Karl Vossloh-Stiftung in Germany.
The approach addresses selected technical and organizational aspects of risk mitigation in oil port installations with regard to the functional safety and security requirements specified in the standards IEC 61508, IEC 61511 and IEC 62443. The procedure for functional safety management includes hazard identification, risk analysis and assessment, specification of overall safety requirements and definition of safety functions. Based on the risk evaluation results, the safety integrity level (SIL) and the security assurance level (SAL) are determined for the consecutive safety functions. The proposed approach is composed of the following items: process and procedure based safety and security management, an example of procedure based safety management including insurance, and integrated safety and security assessment of the industrial control system (ICS) of oil port pipelines, tanks and critical infrastructure.
Cognitive engineering is nowadays considered an interesting multidisciplinary domain that focuses on improving the relations between humans and the systems they supervise and operate. Industrial automation and control systems (IACS) in hazardous plants are increasingly computerized and perform various safety functions. These are designed and implemented according to the functional safety concept. The objective is to maintain high performance/productivity and to reduce the various risks related to identified hazards and threats. An approach is proposed for applying selected cognitive engineering methods to verify the design of the functional safety technology implemented in a given hazardous plant, in the context of the defined safety functions, operator interfaces, communication means and procedures. The methodology developed might be applied for functional safety management in the life cycle of industrial hazardous plants and oil port terminals.