Operational resilience regarding safety and security aspects of industrial automation and control systems

• Autorzy: Kosmowski Kazimierz T.

Identyfikatory

DOI

10.26408/srsp-2023-08

• Konferencja: 17th Summer Safety & Reliability Seminars - SSARS 2023, 9-14 July 2023, Kraków, Poland
• Języki publikacji: EN

Abstrakty

EN

This chapter addresses selected issues concerning shaping resilience of the industrial automation and control systems (IACS). Such systems play nowadays a key role in safety and security of hazardous industrial installations and critical infrastructure networks due to a considerable attack surface. Productivity, safety, and security management is becoming now more and more challenging due to dynamic changes in business conditions, limited access to energy sources at accepted costs, adverse environment, pandemic consequences, difficulties in maintaining reliable and timely supply chains, etc. In situation of significant uncertainty and interrelated systems involved, a reasonable approach to achieve adopted goals is to elaborate a rational strategy of sustainable development to be combined with shaping resilience of relevant systems in life cycle. It concerns any organisation that governs for instance an industrial company and its manufacturing system, or a state institution responsible for critical infrastructure development. In this chapter shaping operational resilience of industrial control systems regarding basic functional safety and cybersecurity requirements is outlined.

Słowa kluczowe

EN

resilience; sustainability; industrial automation; control system; functional safety; cybersecurity; business continuity management; human factors; organisational culture

• Wydawca: Gdynia Maritime University ; Polskie Towarzystwo Bezpieczeństwa i Niezawodności
• Czasopismo: Safety and Reliability of Systems and Processes
• Rocznik: 2023
• Tom: Summer Safety and Reliability Seminar 2023
• Strony: 99--116
• Opis fizyczny: Bibliogr. 61 poz., rys., tab.

Twórcy

autor

Kosmowski Kazimierz T.

• Gdańsk University of Technology, Gdańsk, Poland

• https://orcid.org/0000-0001-7341-6750

Bibliografia

• Bouloiz, H. 2020. Sustainable performance management using resilience engineering. International Journal of Engineering Business Management 12, 1-12.
• BSI. 2018. BSI Organizational Resilience Benchmark. Report 2018.
• Cantelmi, R., Di Gravio, G., Patriarca, R. 2021. Reviewing qualitative research approaches in the context of critical infrastructure resilience. Environment Systems and Decisions 41, 341-376.
• Dekker, S., Hollnagel, E., Woods, D. & Cook, R. 2008. Resilience Engineering: New Directions for Measuring and Maintaining Safety in Complex Systems. Lund University School of Aviation. Final Report.
• Dreesbeimdiek, K.M., von Behr, C.M., Brayne, C., Clarkson, P.J. 2022. Towards a contemporary design framework for systems-of-systems resilience. International Design Conference. Design 2022. Cambridge University Press.
• EEMUA. 2007. Publication 191: Alarm Systems, A Guide to Design, Management and Procurement (Edition 2). London: The Engineering Equipment and Materials Users’ Association.
• ENISA. 2016. Communication Network Dependencies for ICS/SCADA Systems. European Union Agency for Network and Information Security.
• ESDN. 2012. Resilience and sustainable development: Theory of resilience, systems thinking and adaptative governance. ESDN Quarterly Report 26.
• ESDN. 2022. European recovery and resilience mechanisms - challenges in systemic approaches in sustainable development. ESDN Report, May 2022, ESDN Office, Vienna.
• Flaus, J.M. 2019. Cybersecurity of Industrial Systems. ISTE Ltd and John Wiley & Sons, Inc.
• Grøtan, T.O, Petersen, S., Myklebust, T. & Hanssen, G.K. 2020. SecureSafety; state-of-the-art and remaining challenges. P. Baraldi, et al. (Eds.). Proceedings of the 30th European Safety and Reliability Conference and the 15th Probabilistic Safety Assessment and Management Conference Research Publishing, Singapore.
• Hannaman, G.W., Spurgin, A.J. & Lukic, Y.D. 1984. Human cognitive reliability model for PRA analysis. Report NUS-4531, EPRI Project RP2170-3.
• Häring, I., Scharte, B., Stolz, A., Leismann, T., Hiermaier, S. 2016. Resilience Engineering and Quantification for Sustainable Systems Development and Assessment: Socio-technical Systems and Critical Infrastructure. A part of the IRGC Resource Guide on Resilience, www.irgc.org/riskgovernance/resilience/ (accessed 30 Jun 2023).
• Hickford, A.J., Blainey, S.P., Hortelano, A.O., Pant, R. 2018. Resilience engineering: theory and practice in interdependent infrastructure systems. Environment Systems and Decisions 38, 278-291.
• Hollnagel, E. 1998. Cognitive Reliability and Error Analysis Method. Elsevier Science Ltd.
• Hollnagel, E., Woods, D., Leveson, N. 2006. Resilience Engineering: Concepts and Precepts. CRC Press, Taylor & Francis Ltd.
• IACS Security. 2020. Security of Industrial Automation and Control Systems, Quick Start Guide: An Overview of ISA/IEC 62443 Standards, www.isa.org/ISAGCA (accessed 30 Jun 2023).
• IEC 61508. 2010. Functional Safety of Electrical / Electronic / Programmable Electronic Safety-Related Systems, Parts 1-7. International Electrotechnical Commission, Geneva.
• IEC 61511. 2016. Functional Safety: Safety Instrumented Systems for the Process Industry Sector. Parts 1-3. International Electrotechnical Commission, Geneva.
• IEC 63069. 2019. Industrial Process Measurements, Control and Automation – Framework for Functional Safety and Security. International Electrotechnical Commission, Geneva.
• IEC 63074. 2017. Security Aspects Related to Functional Safety of Safety-Related Control Systems. International Electrotechnical Commission, Geneva.
• IEC 62443. 2018. Security for industrial automation and control systems. Parts 1–14 (some parts in preparation). International Electrotechnical Commission, Geneva.
• ISO/DIS 22301. 2019. Security and Resilience - Business Continuity Management Systems - Requirements. International Organization for Standardization. Geneva.
• ISO 22316. 2017. Security and resilience - Organizational resilience - Principles and attributes. International Organization for Standardization. Geneva.
• ISO 22400. 2014. Automation Systems and Integration - Key Performance Indicators (KPIs) for Manufacturing Operations Management, Parts 1 and 2. International Organization for Standardization. Geneva.
• ISO 37101. 2016. Sustainable development in communities - Management system for sustainable development - Requirements with guidance for use. International Organization for Standardization. Geneva.
• ISO/IEC 24762. 2008. Information Technology - Security Techniques – Guidelines for Information and Communications Technology Disaster Recovery Services. Geneva.
• ISO/IEC 27001. 2013. Information Technology - Security Techniques - Information Security Management Systems - Requirements. Geneva.
• ISO/IEC 27005. 2018. Information Technology - Security Techniques - Information Security Risk Management. Geneva.
• Kanamaru, H. 2020. Requirements for IT/OT cooperation and in safe and secure IACS. 59th Annual Conference of Society of Instrument and Control Engineers of Japan, 39-44.
• Katina, P.F., Keating, Ch.B. Gheorghe, A.V. 2016. Cyber-Physical Systems: Complex System Governance as an Integrating Construct. Proceedings of the 2016 Industrial and Systems Engineering Research Conference H. Yang, et al. (Eds.).
• Katina, P.F., Gheorghe, A.V. 2023. Blockchain-Enabled Resilience, An Integrated Approach for Disaster Supply Chain and Logistics Management. CRC Press, Taylor & Francis Group.
• Kosmowski, K.T. 2020. Systems engineering approach to functional safety and cyber security of industrial critical installations. K. Kołowrocki et al. (Eds.). Safety and Reliability of Systems and Processes, Summer Safety and Reliability Seminar 2020. Gdynia Maritime University, Gdynia, 135-151.
• Kosmowski, K.T. 2021. Functional safety and cybersecurity analysis and management in smart manufacturing systems. Handbook of Advanced Performability Engineering. Chapter 3. Springer Nature, Switzerland AG.
• Kosmowski, K.T. 2022. Towards strategic resilience of process plants and critical infrastructure regarding functional safety and cybersecurity requirements. K. Kołowrocki et al. (Eds.). Safety and Reliability of Systems and Processes, Summer Safety and Reliability Seminar 2022. Gdynia Maritime University, Gdynia, 117-132.
• Kosmowski, K.T. 2023. Functional safety management in hazardous process installations regarding the role of human operators interacting with the control and alarm system. In: Intelligent and Safe Computer Systems in Control and Diagnostics Z. Kowalczuk (Ed.). Springer, Lecture Notes in Networks and Systems, 545, 85-99.
• Kosmowski, K.T., Śliwiński, M. & Piesik, J. 2019. Integrated functional safety and cybersecurity analysis method for smart manufacturing systems. TASK Quarterly 23(2) 1-31.
• Kosmowski, K.T., Piesik, E., Piesik, J. & Śliwiński, M. 2022. Integrated functional safety and cybersecurity evaluation in a framework for the business continuity management. Energies 15, 3610-3631.
• Ladkin, P.B. 2019. IEC TRC 63069, Security environments and security risk analysis. ResearchGate, www.researchgate.net/publication (accessed 30 Jun 2023).
• Leitão P., Colombo, A. W. & Karnouskos, S. 2016. Industrial automation based on cyber-physical systems technologies: Prototype implementations and challenges. Computers in Industry 81, 11-25.
• Mayar, K., Carmichael, D.G., Shen, X. 2022. Resilience and systems - A review. Sustainability 14, 8327.
• McKinsey. 2022a. From Risk Management to Strategic Resilience. McKinsey & Company.
• McKinsey. 2022b. Cybersecurity Trends: Looking over the Horizon. McKinsey & Company.
• Misra, K.B. (Ed.) 2021. Handbook of Advanced Performability Engineering. Springer Nature Switzerland AG.
• Naderpajouh, N., Yu, D., Aldrich, D.P., Linkov, I. 2017. Towards an Operational Paradigm for Engineering Resilience of Interdependent Infrastructure Systems. Agenda Setting Scoping Studies Summary Report. The Resilience Shift.
• NIST SP 800-82r2. 2015. Guide to Industrial Control Systems (ICS) Security.
• NIST SP 800-160v1. 2016. Systems Security Engineering. Vol. 1: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems.
• NIST SP 800-160v2. 2019. Systems Security Engineering. Vol. 2: A Systems Security Engineering Approach.
• NIST SP 1500-201. 2017. Framework for Cyber-Physical Systems: Vol. 1, Overview.
• NIST SP 1900-202. 2019. Cyber-Physical Systems and Internet of Things.
• Noggin. 2022. Operational Resilience Versus Business Continuity: What’s the difference? www.noggin.io (accessed 30 Jun 2023).
• Pillay, M. 2017. Resilience engineering: an integrative review of fundamental concepts and directions for future research in safety management. Open Journal of Safety Science and Technology 7, 129-160.
• Pisano, U. 2012. Resilience and Sustainable Development: Theory of resilience, systems thinking and adaptive governance. ESDN Quarterly Report No 26. European Sustainable Development Network (ESDN).
• Rasmussen, J., Svedung, I. 2000. Proactive Risk Management in a Dynamic Society. Swedish Rescue Services Agency, Karlstad.
• Redman, Ch.L. 2014. Should sustainability and resilience be combined or remain distinct pursuits? Ecology and Society 19(2), 37.
• Regulation. 2021. Regulation (EU) 2021/241 of the European Parliament and of the Council of 12 February 2021 establishing the Recovery and Resilience Facility. Document 32021R0241.
• Rieger, C.G. 2013. Resilient Control Systems - Practical Metrics Basis for Defining Mission Impact. DOE Idaho Operations Office Contract DE-AC07-05ID14517, Instrumentation, Control, and Intelligent Systems (lCIS) Distinctive Signature of Idaho National Laboratory.
• SE. 2001. Systems Engineering Fundamentals. Defense Acquisition University Press, Fort Belvoir, Virginia 22060-5565.
• SPAR-H. 2005. Human Reliability Analysis Method. NUREG/CR-6883, INL/EXT-05-00509, US NRC.
• WEF. 2019. Cyber Resilience in the Electricity Ecosystem: Principles and Guidance for Boards. In collaboration with Boston Consulting Group. World Economic Forum, Cologny, Geneva.
• WEF. 2022. The ‘Zero Trust’ Model in Cybersecurity: Towards understanding and deployment. Community Paper. World Economic Forum, Cologny, Geneva.

Uwagi

Opracowanie rekordu ze środków MEiN, umowa nr SONP/SP/546092/2022 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2022-2023).