Integrated functional safety and cybersecurity. Analysis method for smart manufacturing systems

• Autorzy: Kosmowski Kazimierz T. , Śliwiński Marcin , Piesik Jan

Identyfikatory

DOI

10.17466/tq2019/23.2/c

• Języki publikacji: EN

Abstrakty

EN

This article addresses integrated functional safety and cybersecurity analysis with regard to: the generic functional safety standard IEC 61508 and the cyber security standard IEC 62443 concerning an industrial automation and control system (IACS). The objective is to mitigate the vulnerability of information technology (IT) and operational technology (OT) systems, and reduce relevant risks taking into account a set of fundamental requirements (FRs). A method is proposed for determining and verifying the performance level (PL) or the safety integrity level (SIL) of defined safety functions, and then validating these levels depending on the security level (SL) of a particular domain,e.g.a safety related control system (SRCS). The method is general in the sense that it is based on risk graphs prepared for individual risk and/or societal/group risk with regard to the criteria defined.

Słowa kluczowe

EN

smart manufacturing systems; Industry 4.0; information technology; operational technology; industrial automation and control systems; functional safety; cybersecurity; risk evaluation

• Wydawca: Politechnika Gdańska
• Czasopismo: TASK Quarterly : scientific bulletin of Academic Computer Centre in Gdansk
• Rocznik: 2019
• Tom: Vol. 23, No 2
• Strony: 177--207
• Opis fizyczny: Bibliogr. 38 poz., rys., tab.

Twórcy

autor

Kosmowski Kazimierz T.

• Faculty of Electrical and Control Engineering, Gdansk University of Technology, Narutowicza 11/12, 80–233 Gdansk, Poland

autor

Śliwiński Marcin

• Faculty of Electrical and Control Engineering, Gdansk University of Technology, Narutowicza 11/12, 80–233 Gdansk, Poland

autor

Piesik Jan

• Michelin Polska S. A., Leonharda 9, 10–454 Olsztyn, Poland

Bibliografia

• [1] Kosmowski K T and Gołębiewski D 2019 Functional safety and cyber security analysis for life cycle management of industrial control systems in hazardous plants and oil portcritical infrastructure including insurance, Interreg Baltic Sea Region, HAZARD Report
• [2] Lu Y, Morris K C and Frechette S 2016 Current Standards Landscape for Smart Manufacturing Systems, Systems Integration Division Engineering Laboratory, NISTIR 8107
• [3] Li S Wet al.2017 Architecture Alignment and Interoperability, An Industrial Internet Consortium and Platform Industrie 4.0, IIC:WHT:IN3:V1.0:PB:20171205
• [4] Kivelä T, Golder M and Furmans K 2018 Towards an approach for assuring machinery safety in the IIoT-age,Logistics Journal: Proceedings
• [5] Felser M, Rentschler M and Kleinberg O 2019 Proceedings of the IEEE
• [6] SESAMO 2014 Integrated Design and Evaluation Methodology. Security and Safety modelling, Artemis JU Grant Agr. no. 2295354
• [7] MERgE 2016 Safety & Security, Recommendations for Security and Safety Coengineering, Multi-Concerns Interactions System Engineering ITEA2 Project #1 101 1
• [8] HSE 2015 Cyber Security for Industrial Automation and Control Systems (IACS), Health and Safety Executive (HSE) interpretation of current standards on industrial communication network and system security, and functional safety
• [9] HSE 2016 Cyber Security for Industrial Automation and Control Systems (IACS), HSE report for Chemical Explosives and Microbiological Hazard Division (CEMHD) and Energy Division, Electrical Control and Instrumentation (EC&I) Specialist Inspectors
• [10] ENISA 2016 Communication network dependencies for ICS/SCADA Systems, European Union Agency for Network and Information Security
• [11] ISO 22400 2014 Automation systems and integration – Key performance indicators (KPIs) for manufacturing operations management. Parts 1 and 2, International Organisation for Standardisation
• [12] Kosmowski K T and Śliwiński M 2016 Journal of Polish Safety and Reliability Association 7(1)133
• [13] IEC 61508 2005–2016 Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems. Parts 1–7, International Electrotechnical Commission, Geneva
• [14] IEC 61511 2015 Functional safety: Safety Instrumented Systems for the Process Industry Sector. Parts 1–3, International Electrotechnical Commission, Geneva
• [15] Kosmowski K T, Śliwiński M and Barnert T 2006 Proc. European Safety & Reliability Conference – ESREL, Estoril, Taylor & Francis Group, London
• [16] ISO 22301 2012 Societal security – Business continuity management – Requirements, The International Organisation for Standardisation
• [7] Gołębiewski D and Kosmowski K T 2017 Journal of Polish Safety and Reliability Association 8(1)23
• [18] IEC 62443-x 2011–2018 Security for industrial automation and control systems. Parts1–13, International Electrotechnical Commission (undergoing development)
• [19] Malm T, Ahonen T and Välisalo T 2018 Risk assessment of machinery system with respect to safety and cyber-security, Research Report-VTT-R-01428-18
• [20] ISO 13849-1 2015 Safety of machinery – Safety-related parts of control systems. Part 1: General principles for design
• [21] IEC 62061 2005 Safety of machinery – Functional safety of safety-related electrical,electronic and programmable electronic control systems
• [22] Siemens Industrial security [online]siemens.com/industrial-security[accessed: 10-Jul-2019]
• [23] DIN SPEC 91345 Reference architecture model Industrie 4.0 (RAMI4.0)
• [24] Śliwinski M, Piesik E and Piesik J 2018 Integrated functional safety and cyber security analysis,IFAC Papers OnLine 511263
• [25] ISO 31000 2018 Risk management – Principles and guidelines, International Organizationfor Standardization, Geneva
• [26] Kosmowski K T 2013 Functional safety and reliability analysis methodology for hazardous industrial plants, Gdańsk University of Technology Publishers
• [27] ISO 22100-4 2018 Safety of machinery – Relationship with ISO 12100. Part 4: Guidance to machinery manufacturers for consideration of related IT-security (cyber security) aspects
• [28] Kosmowski K Tet al.2015 Basics of functional safety, Gdańsk University of Technology Publishers (in Polish)
• [29] Kosmowski K T 2017 Safety Integrity Verification Issues of the Control Systems for Industrial Power Plants, Advanced Solutions in Diagnostics and Fault Tolerant Control,Springer International Publishing AG 420
• [30] IEC 63074 2017 Security aspects related to functional safety of safety-related control systems
• [31] ISO/IEC 27001 2013 Information technology – Security techniques – Information security management systems – Requirements
• [32] Braband J 2016 8th European Congress on Embedded Real Time Software and Systems (ERTS 2016), Toulouse
• [33] ISO/IEC 27005 2018 Information technology – Security techniques – Information security risk management
• [34] ISO/IEC 15408 2009 Information technology, Security techniques – Evaluation criteria for IT security. Part 1–3
• [35] Białas A 2008 Semiformal Common Criteria compliant IT security development framework,Studia Informatica, Silesian University of Technology Press, Gliwice
• [36] Benninger Z 2019 [online]http:/www.benningergroup.com/tire-cord/overview#pro-ducts[accessed: 17-Jul-2019]
• [37] Gabriel A, Shi J and Ozansoy C 2017 A proposed Alignment of the National Institute of Standards and Technology framework with the Funnel Risk Graph Method,IEEE Access 5
• [38] Nardello M, Møller C and Gøtze J 2017 Organizational Learning Supported by Reference Architecture Models: Industry 4.0 Laboratory Study, Complex Systems Informatics and Modeling Quarterly (CSIMQ),12