Current issue of functional safety and cybersecurity analysis of industrial and critical infrastructures

• Autorzy: Śliwiński Marcin , Kosmowski Kazimierz, T. , Piesik Emilian

Identyfikatory

DOI

10.17466/tq2019/23.2/b

• Języki publikacji: EN

Abstrakty

EN

This article addresses some functional safety assessment procedures with cybersecurity aspects in critical industrial installations with regard to the functional safety requirements specified in standards IEC 61508 and IEC 61511. The functional safety management includes hazard identification, risk analysis and assessment, specification of overall safety requirements and definition of safety functions. Based on the risk assessment results, the safety integrity level (SIL) is determined for consecutive safety functions. These functions are implemented within the industrial control system (ICS) and/or the distributed control system (DCS) that consists of the basic process control system (BPCS) and/or the safety instrumented system (SIS). The determination of the required SIL related to the required risk mitigation is based on the semi-quantitative evaluation method. Verification of the SIL for the considered architectures o fthe BPCS and/or the SIS is supported by probabilistic models with appropriate data and model parameters including cybersecurity related aspects. The proposed approach is illustrated on the example of critical industrial installations.

Słowa kluczowe

EN

cybersecurity; functional safety; safety integrity level; security level; evaluation assurance level; industrial control system; safety instrumented system

• Wydawca: Politechnika Gdańska
• Czasopismo: TASK Quarterly : scientific bulletin of Academic Computer Centre in Gdansk
• Rocznik: 2019
• Tom: Vol. 23, No 2
• Strony: 209--232
• Opis fizyczny: Bibliogr. 41 poz., rys., tab.

Twórcy

autor

Śliwiński Marcin

• Faculty of Electrical and Control Engineering, Gdańsk University of Technology, G. Narutowicza 11/12, 80–233 Gdańsk, Poland

autor

Kosmowski Kazimierz, T.

• Faculty of Electrical and Control Engineering, Gdańsk University of Technology, G. Narutowicza 11/12, 80–233 Gdańsk, Poland

autor

Piesik Emilian

• Faculty of Electrical and Control Engineering, Gdańsk University of Technology, G. Narutowicza 11/12, 80–233 Gdańsk, Poland

Bibliografia

• [1] IEC 61508 2010 Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems. Parts 1–7, International Electrotechnical Commission, Geneva
• [2] IEC 61511, Functional safety 2016 Safety Instrumented Systems for the Process Industry Sector. Parts 1–3, International Electrotechnical Commission, Geneva
• [3] Barnert T, Kosmowski K T and Śliwiński M 2010 Proc. PSAM 10, Seattle
• [4] Barnert T, Kosmowski K T and Śliwiński M 2010 A method for including the security aspects in the functional safety analysis of distributed control and protection systems,ESREL, Rhodes, Greece
• [5] Barnert T, Kosmowski K T and Śliwiński M 2012 Journal of Polish Safety and Reliability Association, Summer Safety and Reliability Seminars
• [6] Barnert T and Śliwiński M 2013 Functional safety and information security in the critical infrastructure objects and systems. Modern communication and data transfer systems for safety and security, Wolters Kluwer, Warsaw
• [7] Gruhn P and Cheddie H L 2006 Safety Instrumented Systems: Design, Analysis and Justification, Research Triangle Park: ISA – The Instrumentation, Systems and Automation Society
• [8] Saleh J H and Cummings A M 2011 Safety Science 4964
• [9] IEC 62443 2013 Security for industrial automation and control systems. Parts 1–13, International Electrotechnical Commission, Geneva
• [10] IEC TR 63074 2019 Safety of machinery – Security aspects to functional safety of safety-related control systems, International Electrotechnical Commission, Geneva
• [11] ISO/IEC 15408 2009 Information technology, Security techniques – Evaluation criteriafor IT security. Part 1–3, International Organization for Standardization / International Electrotechnical Commission, Geneva
• [12] ISO/IEC 27001 2007 Information technology, Security techniques, Information security management systems, International Organization for Standardization / International Electrotechnical Commission, Geneva
• [13] ISO/IEC 27002 2013 Information technology, Security techniques – Code of practice for information security management, International Organization for Standardization International Electrotechnical Commission, Geneva
• [14] Torres-Echeverria A C 2016 Journal of Loss Prevention in the Process Industries 41333
• [15] ISO 31000 2018 Risk management – Guidelines, International Organization for Standardization, Geneva
• [16] Piwowar J, Chatelet E and Laclemence P 2009 Reliability Engineering & System Safety 941869
• [17] Petersen S and Aakvaag N 2015 Wireless Instrumentation for Safety Critical Systems,Technology, Standards, Solutions and Future Trends (SINTEF A26762), Norway, Trondheim
• [18] Śliwiński M 2011 Journal of Polish Safety Reliability Association 3
• [19] Śliwiński M, Kosmowski K T and Piesik E 2015 Verification of the safety integrity levels with regard of information security issues, [in] Advanced Systems for Automation and Diagnostics, PWNT, Gdansk
• [20] Kosmowski K T 2013 Functional safety and reliability analysis methodology for hazardous industrial plants, Gdansk University of Technology Publishers, Gdansk
• [21] Missala T 2010 Book of procedures for functional safety compliance evaluation of protection systems in the process industry. Report no. 8795, PIAP, Warsaw
• [22] Piesik E, Śliwiński M and Barnert T 2016 Reliability Engineering & System Safety 152259
• [23] Hildebrandt H 2000 Critical aspects of safety, availability and communication in the control of a subsea gas pipeline, Requirements and Solutions HIMA
• [24] SESAMO, Integrated 2014 Design and Evaluation Methodology. Security and Safety modelling, Artemis JU Grant Agr. no. 2295354
• [25] MERgE Safety & Security 2016 Recommendations for Security and Safety Coengineering, Multi-Concerns Interactions System Engineering ITEA2 Project #1 1011
• [26] Goslin Ch 2008 Maritime and port security, Duos Technologies Inc., Jacksonville
• [27] Grøtan T O, Jaatun M G, Øien K and Onshus T 2007 The SeSa Method for Assessing Secure Remote Access to Safety Instrumented Systems (SINTEF A1626), Norway,Trondheim
• [28] Kanamaru H 2017 Proc. SICE Annual Conference 2017
• [29] Kosmowski K T, Śliwiński M and Barnert T 2006 Proc. European Safety & Reliability Conference – ESREL, Taylor & Francis Group, London
• [30] Białas A 2008 Semiformal Common Criteria compliant IT security development framework, Studia Informatica, Silesian University of Technology Press, Gliwice
• [31] Śliwiński M 2018 Functional safety and information security in the critical infrastructure systems and objects. Monographs 171, Gdansk University of Technology Publishers,Gdansk
• [32] Śliwinski M, Piesik E and Piesik J 2018 IFAC Papers OnLine 511263
• [33] Roos C J and Myers P E 2015 The Engineer’s Guide to Overfill Prevention. Emerson Process Management 2015 Edition, Emerson
• [34] Gabriel A, Ozansoy C and Shi J 2018 Reliability Engineering and System Safety 177148
• [35] Fovino I N, Masera M and Cian A D 2009 Reliability Engineering and System Safety 941394
• [36] Hokstad P 2004 Proc. European Safety & Reliability Conference, Berlin
• [37] Hoyland A and Rausand M 2004 System Reliability Theory. Models and Statistical Methods. Second Edition, John Wiley & Sons Inc., Hoboken, New Jersey
• [38] Goble W and Cheddie H 2005 Safety instrumented systems verification: Practica lprobabilistic calculations, ISA
• [39] Kumamoto H 2007 Satisfying safety goals by probabilistic risk assessment. Springer Seriesin Reliability Engineering, Springer, London
• [40] Stavrianidis P 1992 Reliability Engineering and System Safety 39309
• [41] SINTEF 2010 Reliability Data for Safety Instrumented Systems – PDS Data Handbook.SINTEF 2010 edition