Security aspects in functional safety analysis

• Autorzy: Barnert T. , Kosmowski K. T. , Piesik E. , Śliwiński M.
• Języki publikacji: EN

Abstrakty

EN

A security level of distributed control and protection system may have a significant impact on the results of functional safety analysis. However, the issue of integrating the safety and security aspects is difficult and usually is neglected during the functional safety analysis. This article presents a method of functional safety analysis which takes into consideration a concept of integrating these two aspects. It is based on proposed classification of communication channels used in the computer system / network and the scope of such system distribution. The functional safety analysis is to be performed at every stage of system lifecycle, but one of the most important parts is defining required safety functions and determining the safety integrity level for them. The integration concept might be taken into account at this stage. The basis of a method proposed is the assumption that the security level is considered as a risk parameter in graphs of functional safety analyses.

Słowa kluczowe

EN

functional safety; security; safety integrity level; SIL; evaluation assurance level; EAL; security assurance level; SAL; risk assessment; risk graphs; programmable control; protection systems

• Wydawca: Polskie Towarzystwo Bezpieczeństwa i Niezawodności
• Czasopismo: Journal of Polish Safety and Reliability Association
• Rocznik: 2014
• Tom: Vol. 5, No. 1
• Strony: 1--8
• Opis fizyczny: Bibliogr. 19 poz., rys., tab.

Twórcy

autor

Barnert T.

• Gdansk University of Technology, Gdansk, Poland

autor

Kosmowski K. T.

• Gdansk University of Technology, Gdansk, Poland

autor

Piesik E.

• Gdansk University of Technology, Gdansk, Poland

autor

Śliwiński M.

• Gdansk University of Technology, Gdansk, Poland

Bibliografia

• [1] AIChE (2001). Layers of Protection Analysis – Simplified Process Risk Assessment, Center for Chemical Process Safety, American Institute of Chemical Engineers, New York.
• [2] Barnert, T., Kosmowski K.T. & Sliwiński, M. (2007). Functional safety and security analysis of distributed control & protection systems. (in Polish), PAK.
• [3] Barnert, T., Kosmowski, K. & Śliwiński, M. (2008). Determining and veryfying safety integrity level under uncertainty. Proc. European Safety & Reliability Conference – ESREL, Taylor & Francis Group, Valencia, Spain.
• [4] Barnert, T., Kosmowski, K.T. & Śliwiński, M. (2008). Security aspects in verification of the safety integrity level of distributed control and protection systems. Journal of KONBIN, 150-176.
• [5] Barnert, T., Kosmowski, K.T. & Śliwiński, M. (2009). A knowledge-based approach for functional safety management. Proc. European Safety & Reliability Conference – ESREL, Taylor & Francis Group, Prague, Czech Republic.
• [6] Barnert, T., Kosmowski, K.T. & Śliwiński, M. (2010). Integrated functional safety and security analysis of process control and protection systems with regard to uncertainty issue. PSAM, Seattle, USA.
• [7] Barnert, T., Kosmowski, K.T. & Śliwiński, M. (2010). A method for including the security aspects in the functional safety analysis of distributed control and protection systems. Proc. of European Safety & Reliability Conference, Rhodos, Greece.
• [8] Grøtan, T.O., Jaatun, M.G., Øien, K. & Onshus, T. (2007). The SaSa Method for Assesing Secure Remote Access to Safety Instrumented Systems (SINTEF A1626). Trondheim, Norway.
• [9] IEC 61508 (2010). Functional Safety of Electrical / Electronic / Programmable Electronic Safety-Related Systems, Parts 1-7. International Electrotechnical Commission, Geneva.
• [10] IEC 61511 (2007). Functional safety: Safety Instrumented Systems for the Process Industry Sector. Parts 1-3. International Electrotechnical Commission, Geneva.
• [11] IEC 61882 (2001). Hazard and operability studies (HAZOP studies) – Application guide. International Electrotechnical Commision (IEC).
• [12] ISA/IEC 62443 (2013). Security for industrial automation and control systems.
• [13] ISO/IEC 15408 (1999). Information technology – Security techniques – Evaluation criteria for IT security Part 1-3.
• [14] ISO/IEC 17779 (2000). Information technology - Code of practice for information security management.
• [15] Jaatun, M.G., Grøtan, T.O. & Line, M.B. (2008). Secure Safety: Secure Remote Access to Critical Safety Systems in Offshore Installations. Autonomic and Trusted Computing 121-133.
• [16] Jaatun, M.G., Line, M.B. & Grøtan, T.O. (2009). Secure remote access to autonomous safety systems; A good practice approach. Int. J. Auton. Adapt. Commun. Syst., 2, 297-312.
• [17] Kosmowski, K.T., Śliwiński, M. & Barnert, T. (2006). Functional safety and security assessment of the control and protection systems. Proc. European Safety & Reliability Conference – ESREL, Taylor & Francis Group, Estoril, London.
• [18] Missala, T. (2009). Analysis of requirements and methods of risk assessment during determining required safety integrity level in functional safety normative documents. Related documents and literature (in Polish), PIAP.
• [19] US-Cert (2011). Control Systems Security Program (CSSP) - Overview of Cyber Vulnerabilities. Available: http://www.uscert.gov/ control_systems/csvuls.html.