Integrating safety requires attention to cyber security issues as well

Safety instrumented systems (SIS) demand integrator skills significantly more advanced than those required for the usual PLC project. A system integrator must be able to deliver a system proven to meet client requirements for the safety integrity level (SIL) of each safety instrumented function (SIF).

07/06/2010


Robust security systems that include defense-in-depth firewalls are increasingly more critical to ensuring the safe operation of automated machinery and industrial control systems. (Source: Invensys Operations Management)Safety instrumented systems (SIS) demand integrator skills significantly more advanced than those required for the usual PLC project. A system integrator must be able to deliver a system proven to meet client requirements for the safety integrity level (SIL) of each safety instrumented function (SIF). The integrator must also demonstrate the competency and qualifications to do SIS work.

The expertise required can extend far beyond just knowing how to program a SIS. For example, most safety systems need to have their communications functions integrated into the DCS communications infrastructure safely and securely. To do this, a system integrator must have the competency to configure and deploy the communications capabilities of the SIS and DCS.

Many integrators have some experience in this area because past projects have required them to set up communications to other intelligent systems at both the PLC level and the HMI level. Open standards like OPC Classic make it possible for integrators to work with a standard protocol that gives them greater flexibility. However, implementing via standards always involves certain risks.

Today’s projects also require system integrators to harden the communications integration by providing highly secure and robust systems. Cyber security is increasingly critical for maintaining control and safety integrity and for ensuring both communications security and integrity. Without it an integrator could deliver a system that could potentially experience a loss of view, or, worse, a loss of real-time data between the SIS and the DCS they are integrating. Meeting this challenge requires systems integrators to leverage the cyber security features of SIS and DCS, develop new tools, and develop new skill sets.

Leveraging cyber security features

In some cases, the systems integrator must work with the systems that are in place; in others, they might be involved in the selection of such systems. Systems must have communications and security solutions that are flexible enough to collaborate with a variety of third-party DCSs and easy enough to deploy so that the integrator can deliver the safety functions the client needs. It is also important that SIS functions are partitioned appropriately from the DCS functions so that a loss of communications or integrity will not prevent the safety system from performing its designed function, which is to keep the processes that require protection in a safe state.

Some SIS systems also self-police communications access. In one case, Invensys Operations Management (www.iom.invensys.com) collaborated with Byres Security (www.tofinosecurity.com), a cyber security firm, to add an OPC firewall to its Tricon Communications Modules (TCM). The firewall enabled a layer of defense-in-depth that lets systems integrators enjoy the flexibility and integration benefit of OPC Classic without worrying about security systems that have in the past been associated with DCOM-based systems.

“Past plant shutdowns, for example, haven’t been caused by hackers. Instead they were the result of badly configured software causing traffic storms that impacted critical controllers and other systems,” said Eric Byres, security expert and technical officer at Byres Security. “A reliable OPC firewall means that in addition to blocking hackers and viruses from accessing the safety system, integrators can deliver dynamic port management and built-in traffic-rate controls to prevent many basic network problems from spreading throughout a plant.”

The right tools

Sometimes meeting a client’s needs requires developing tools to augment vendor-supplied functionality. For example, Trinity Systems, a U.K.-based system integration firm experienced in safety systems integration, developed a remote viewer that takes advantage of the communications security features of the Triconex TCM and Triconex Firewall. The viewer allows the end user to have a simple and reasonably priced window into the SIS from the business or primary control networks, while the Triconex Tofino Firewall and the Triconex Communication Module’s on-board User Access Security Model ensures that it is a read-only window that can never impact the safety functionality. This combination of OPC-based accessibility with true defense-in-depth security lets Trinity provide cost-effective and secure access that would not have been possible even a year ago.

“Processors and manufacturers are continuously threatened by new and increasingly dangerous cyber attacks, which requires greater vigilance and security,” said Joe Scalia, portfolio architect, Invensys Operations Management. “An OPC firewall mitigates those risks by managing the traffic to and from the communications module, providing further assurance that a cyber incursion will not compromise integrated communications between the safety and critical control systems and supervisory HMI or distributed control systems.”

The right skills

Implementing the HMI portions of a safety system competently is also critical to securing communications between the SIS and the DCS. Communications integrity, including cybersecurity, must be ensured so that safety-based actions such as reads from the HMI to the safety system can be executed securely and without interruption.

Systems integrators today must be adept at securing transmission of controller real-time data and standard operating environment information as well as at adjusting control strategy parameters online, with full sensitivity to other system-based activities such as bypass management, SIL monitoring, safety alarm annunciation, and remote system diagnostics. In all of these, guaranteed viability of the communications capabilities ensures no loss of view or loss of data for the user.

More manufacturers seek to reduce costs by integrating safety and control systems. Opportunities abound for systems integrators who can meet these needs. Those who understand the cyber security features of control and safety systems, who develop tools to improve this integration, and who develop the right visualization and interoperability management competencies, will deliver their clients reliable and secure safety systems for the least cost.

Read more.

- Control Engineering Industrial Cyber Security blog;

- Automation cyber security research from Control Engineering; and

- Tofino security device.

- Neil Crompton is managing director, Trinity Systems Ltd.,  www.trinitysystems.com.



No comments
The Top Plant program honors outstanding manufacturing facilities in North America. View the 2013 Top Plant.
The Product of the Year program recognizes products newly released in the manufacturing industries.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
The true cost of lubrication: Three keys to consider when evaluating oils; Plant Engineering Lubrication Guide; 11 ways to protect bearing assets; Is lubrication part of your KPIs?
Contract maintenance: 5 ways to keep things humming while keeping an eye on costs; Pneumatic systems; Energy monitoring; The sixth 'S' is safety
Transport your data: Supply chain information critical to operational excellence; High-voltage faults; Portable cooling; Safety automation isn't automatic
Case Study Database

Case Study Database

Get more exposure for your case study by uploading it to the Plant Engineering case study database, where end-users can identify relevant solutions and explore what the experts are doing to effectively implement a variety of technology and productivity related projects.

These case studies provide examples of how knowledgeable solution providers have used technology, processes and people to create effective and successful implementations in real-world situations. Case studies can be completed by filling out a simple online form where you can outline the project title, abstract, and full story in 1500 words or less; upload photos, videos and a logo.

Click here to visit the Case Study Database and upload your case study.

Maintaining low data center PUE; Using eco mode in UPS systems; Commissioning electrical and power systems; Exploring dc power distribution alternatives
Synchronizing industrial Ethernet networks; Selecting protocol conversion gateways; Integrating HMIs with PLCs and PACs
Why manufacturers need to see energy in a different light: Current approaches to energy management yield quick savings, but leave plant managers searching for ways of improving on those early gains.

Annual Salary Survey

Participate in the 2013 Salary Survey

In a year when manufacturing continued to lead the economic rebound, it makes sense that plant manager bonuses rebounded. Plant Engineering’s annual Salary Survey shows both wages and bonuses rose in 2012 after a retreat the year before.

Average salary across all job titles for plant floor management rose 3.5% to $95,446, and bonus compensation jumped to $15,162, a 4.2% increase from the 2010 level and double the 2011 total, which showed a sharp drop in bonus.

2012 Salary Survey Analysis

2012 Salary Survey Results

Maintenance and reliability tips and best practices from the maintenance and reliability coaches at Allied Reliability Group.
The One Voice for Manufacturing blog reports on federal public policy issues impacting the manufacturing sector. One Voice is a joint effort by the National Tooling and Machining...
The Society for Maintenance and Reliability Professionals an organization devoted...
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.
Maintenance is not optional in manufacturing. It’s a profit center, driving productivity and uptime while reducing overall repair costs.
The Lachance on CMMS blog is about current maintenance topics. Blogger Paul Lachance is president and chief technology officer for Smartware Group.