Towards strategic resilience of process plants and critical infrastructure regarding functional safety and cybersecurity requirements

• Autorzy: Kosmowski Kazimierz T.

Identyfikatory

DOI

10.26408/srsp-2022-08

• Konferencja: 16th Summer Safety & Reliability Seminars - SSARS 2022, 4-11 September 2022, Ciechocinek, Poland
• Języki publikacji: EN

Abstrakty

EN

This chapter addresses selected issues of strategic resilience of Industry 4.0 process installations and critical infrastructure systems that are designed and operated using converged technologies OT/IT/CT (operational technology/information technology/cloud technology) for effective business management in changing and uncertain environment. Two kinds of strategic resilience are distinguished: (I) the resilience concerning business processes to be evaluated and supported applying in industrial practice, e.g., a methodology of business continuity management (BCM), and (II) the resilience related to the safety and security technologies. Selected issues of these two areas of the overall resilience are discussed in relation to current references and reports. In area (II) the resilience of industrial automation and control systems (IACS) is emphasized that includes the requirements imposed on solutions of the functional safety (FS) and cybersecurity (CS) to be designed according to the defence in depth (DinD) concept using defined protection layers (PL). Responsible tasks in abnormal and accident situations are executed by the human operators that make use of an alarm system (AS) and its interface within overall human system interface (HSI). The human error probability (HEP) for relevant human operator behaviour type is evaluated using a human cognitive reliability (HCR) model. It is concluded that the resilience engineering (RE) concept is useful, but additional research effort is needed to develop integrated approaches and tools for supporting real engineering and organisational issues of strategic resilience.

Słowa kluczowe

EN

resilience; business continuity management; industrial automation; control system; functional safety; cybersecurity; Industry 4.0; human factors; cognitive human reliability; organisational culture

• Wydawca: Gdynia Maritime University ; Polskie Towarzystwo Bezpieczeństwa i Niezawodności
• Czasopismo: Safety and Reliability of Systems and Processes
• Rocznik: 2022
• Tom: Summer Safety and Reliability Seminar 2022
• Strony: 117--132
• Opis fizyczny: Bibliogr. 55 poz., rys., tab.

Twórcy

autor

Kosmowski Kazimierz T.

• Gdańsk University of Technology, Gdańsk, Poland

• https://orcid.org/0000-0001-7341-6750

Bibliografia

• Adhikari, S. et al. 2009.Human Reliability Analysis: A Review and Critique, Final report of the EPSRC funded project “Rethinking Human Reliability Analysis Methodologies”. Manchester Business School Working Paper No 589.
• Bonaceto, C., Burns, K. 2005.Using Cognitive Engineering to Improve Systems Engineering. MITRE Corporation, Bedford.
• Bell, J., Holroyd, J. 2009.Review of human reliability assessment methods. Prepared by the Health and Safety Laboratory for the Health and Safety Executive.
• BSI. 2018. BSI Organizational Resilience Benchmark. Report 2018.
• Carey, M. 2001 Proposed Framework for Addressing Human Factors in IEC 61508. A study prepared by Amey VECTRA Ltd. for Health and Safety Executive (HSE), U.K. Research Report 373.
• Dekker, S., Hollnagel, E., Woods, D. & Cook, R. 2008. Resilience Engineering: New Directions for Measuring and Maintaining Safety in Complex Systems. Lund University School of Aviation. Final Report.
• Embrey, D. 2000. Task Analysis Techniques. Human Reliability Associates Ltd.
• ENISA. 2016. Communication Network Dependencies for ICS/SCADA Systems. European Union Agency for Network and Information Security.
• Gersh, J.R., McKneely, J.A., Remington, R.W. 2005. Cognitive engineering: understanding human interaction with complex systems. John Hopkins Technical Digest 26(4).
• Hannaman, G.W., Spurgin, A.J. & Lukic, Y.D. 1984. Human cognitive reliability model for PRA analysis. Report NUS-4531, EPRI Project RP2170-3.
• Hollnagel, E. 1998. Cognitive Reliability and Error Analysis Method. Elsevier Science Ltd.
• Hollnagel, E., Woods, D., Leveson, N. 2006. Resilience Engineering: Concepts and Precepts. Aldershot.CRC Press, Taylor & Francis Ltd.
• IACS Security. 2020. Security of Industrial Automation and Control Systems, Quick Start Guide: An Overview of ISA/IEC 62443 Standards. June 2020, www.isa.org/ISAGCA(accessed 13 May 2022).
• IAEA 2021. Human Factors Engineering Aspects of Instrumentation and Control System Design. Nuclear Energy Series No. NR-T-2.12.
• IEC 61508. 2010. Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems, Parts 1-7. International Electrotechnical Commission, Geneva.
• IEC 61511. 2016. Functional Safety: Safety Instrumented Systems for the Process Industry Sector. Parts 1–3. International Electrotechnical Commission, Geneva.
• IEC 63074. 2017. Security Aspects Related to Functional Safety of Safety-Related Control Systems. International Electrotechnical Commission, Geneva.
• IEC 62443. 2018. Security for industrial automation and control systems. Parts 1-14 (some parts in preparation). International Electrotechnical Commission, Geneva.
• ISO/DIS 22301. 2019. Security and Resilience - Business Continuity Management Systems - Requirements. Geneva.
• ISO 22316. 2017. Security and resilience - Organizational resilience - Principles and attributes. Geneva.
• ISO 22400. 2014. Automation Systems and Integration - Key Performance Indicators (KPIs) for Manufacturing Operations Management, Parts 1 and 2.Geneva.
• ISO/IEC 24762. 2008. Information Technology - Security Techniques - Guidelines for Information and Communications Technology Disaster Recovery Services. Geneva.
• ISO/IEC 27001. 2013. Information Technology - Security Techniques - Information Security Management Systems - Requirements. Geneva.
• ISO/IEC 27005. 2018. Information Technology – Security Techniques – Information Security Risk Management. Geneva.
• Kanamaru, H. 2020. Requirements for IT/OT cooperation and in safe and secure IACS. 59th Annual Conference of Society of Instrument and Control Engineers of Japan, 39-44.
• Kirwan, B. 1994. A Guide to Practical Human Reliability Assessment. CRC Press, London.
• Kosmowski, K.T. 2013. Functional Safety and Reliability Analysis Methodology for Hazardous Industrial Plants. Gdańsk University of Technology Publishers.
• Kosmowski, K.T. 2018. Human factors and cognitive engineering in functional safety analysis. Advanced Solutions in Diagnostics and Fault Tolerant Control. Springer Int. Publishing AG, 434-448.
• Kosmowski, K.T. 2020. Systems engineering approach to functional safety and cyber security of industrial critical installations. K. Kołowrocki et al. (Eds.). Safety and Reliability of Systems and Processes, Summer Safety and Reliability Seminar 2020. Gdynia Maritime University, Gdynia,135-151.
• Kosmowski, K.T. 2021a. Functional safety and cybersecurity analysis and management in smart manufacturing systems. Handbook of Advanced Performability Engineering.Chapter 3. Springer Nature, Switzerland AG.
• Kosmowski, K.T. 2021b. Business continuity management framework for Industry 4.0 companies regarding dependability and security of ICT and ICS/SCADA system. K. Kołowrocki et al. (Eds.). Safety and Reliability of Systems and Processes, Summer Safety and Reliability Seminar 2021. Gdynia Maritime University, Gdynia, 249-270.
• Kosmowski, K.T. & Gołębiewski, D. 2019. Functional safety and cyber security analysis for life cycle management of industrial control systems in hazardous plants and oil port critical infrastructure including insurance. Journal of Polish Safety and Reliability Association 10(1) 99-126.
• Kosmowski, K.T. & Śliwiński, M. 2016. Organizational culture as prerequisite of proactive safety and security management in critical infrastructure systems including hazardous plants and ports. Journal of Polish Safety and Reliability Association 7(1) 133-145.
• Kosmowski, K.T., Śliwiński, M. & Piesik, J. 2019. Integrated functional safety and cybersecurity analysis method for smart manufacturing systems. TASK Quarterly 23(2) 1-31.
• Kosmowski, K.T., Piesik, E., Piesik, J. & Śliwiński, M. 2022. Integrated functional safety and cybersecurity evaluation in a framework for the business continuity management. Energies 15, 3610-3631.
• Leitão P., Colombo, A. W. & Karnouskos, S. 2016. Industrial automation based on cyber-physical systems technologies: Prototype implementations and challenges. Computers in Industry 81, 11-25.
• McKinsey. 2022a. FromRisk Management to Strategic Resilience.McKinsey & Company.
• McKinsey. 2022b. Cybersecurity Trends: Looking over the Horizon. McKinsey & Company.
• MERgE. 2016. Recommendations for Security and Safety Co-engineering. Multi-Concerns Interactions System Engineering. ITEA2 Project No. 11011.
• Misra, K. B. (Ed.) 2021. Handbook of Advanced Performability Engineering. Springer Nature Switzerland AG.
• NIST SP 800-82r2. 2015. Guide to Industrial Control Systems (ICS) Security.
• NIST SP 800-160v1. 2016. Systems Security Engineering. Vol.1:Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems.
• NIST SP 800-160v2. 2019. Systems Security Engineering. Vol.2: A Systems Security Engineering Approach.
• Pillay, M. 2017. Resilience engineering: an integrative review of fundamental concepts and directions for future research in safety management. Open Journal of Safety Science and Technology 7, 129–160.
• Rasmussen, J. 1983. Skills, rules, knowledge; signals, signs and symbols and other distinctions on human performance models. IEEE Transaction on Systems, Man and Cybernetics, SMC-13/3.
• Rasmussen, J., Svedung, I. 2000. Proactive Risk Management in a Dynamic Society. Swedish Rescue Services Agency, Karlstad.
• Reason, J. 1990. Human Error. Cambridge University Press.
• Rehak, D. 2020. Assessing and strengthening organisational resilience in a critical infrastructure system: Case study of the Slovak Republic. Safety Science 123, 1-9.
• Rogala, I. & Kosmowski, K.T. 2012. Audit Document Concerning Organizational and Technical Aspects of the Safety-Related Control System Design and Operation at a Refinery(access restricted). Automatic Systems Engineering, Gdańsk and Gdańsk University of Technology.
• SE. 2001. Systems Engineering Fundamentals. Defense Acquisition University Press, Fort Belvoir, Virginia 22060-5565.
• SPAR-H. 2005. Human Reliability Analysis Method. NUREG/CR-6883, INL/EXT-05-00509, US NRC.
• Swain, A.D., Guttmann, H.E. 1983. Handbook of Human Reliability Analysis with Emphasis on Nuclear Power Plant Applications. NUREG/CR-1278. Washington: US NRC.
• SESAMO. 2014. Integrated Design and Evaluation Methodology. Security and Safety Modelling. Artemis JU Grant Agreement, No. 2295354.
• WEF. 2019. Cyber Resilience in the Electricity Ecosystem: Principles and Guidance for Boards. In collaboration with Boston Consulting Group. World Economic Forum, Cologny/Geneva, Switzerland.
• Whaley, A.M., et al. 2016. Cognitive Basis for Human Reliability Analysis. NUREG-2114, US NRC.

Uwagi

Opracowanie rekordu ze środków MEiN, umowa nr SONP/SP/546092/2022 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2022-2023).