Conference
14th Summer Safety & Reliability Seminars - SSARS 2020, 26-30 September 2020, Ciechocinek, Poland
Abstract
This chapter addresses the systems engineering approach to integrated functional safety and cybersecurity analysis and management, with regard to selected references, standards and requirements concerning critical installations and their industrial automation and control systems (IACS). The objective is to mitigate the vulnerability of industrial installations that include information technology (IT) and operational technology (OT), in order to reduce the relevant risks. The approach includes verifying the safety integrity level (SIL) of defined safety functions, and then checking the level obtained, taking into account the security assurance level (SAL) of the particular domain, such as a safety-related control system (SRCS), in which the given safety function is to be implemented. The SAL is determined based on a vector of fundamental requirements (FRs). The proposed method uses defined risk graphs for the individual and/or societal risk, together with relevant risk criteria, to determine the SIL required of a given safety function, and probabilistic models to verify the SIL achievable for the SRCS architecture to be designed and then implemented in an industrial installation.
Pages
135–151
Physical description
Bibliography: 32 items, figures, tables.
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-43795c68-9d12-4532-8367-ef2d2c4274ae