Elsikkerhetskonferansen 2015
Safety and Security:
Can they live together?
Marcel Castro (Ph.D.)
Technical Safety & Reliability Engineer
IEC Young Professional 2014
Elsikkerhetskonferansen 2015, 11/30/2015
Agenda
• Background
• Safety Standards
• Security Standards
• Aligning Safety & Security: – current activities and main findings
• Future Opportunities
Disclaimer
This presentation reflects the views of the author and should not be construed to represent FMC Technologies views.
Background
• Definition
– Safety: freedom from risk which is not tolerable
– Security: protection or defense against attack, interference, or espionage *
– In the industrial control system scope, both aim to protect people, environment and assets
• Both safety and security work are standard driven
– Any model differences?
– A large and quite confusing area with many "standards"
RISK = Severity of HARM & Probability of Occurrence of that Harm (Source: ISO/IEC Guide 51)
* Does not cover physical security
Industrial Control System (ICS) Operation
[Figure: ICS operation loop. Components: Human Machine Interface (HMI), Remote Diagnostic and Maintenance, Controller, Actuators, Sensors, Controlled Process. The HMI and remote diagnostic/maintenance functions exchange set points, control algorithms, parameter constraints and process data with the controller; the controller drives the actuators, which apply the manipulated variable to the controlled process; the sensors feed the controlled variables back to the controller; process inputs enter and process outputs leave the controlled process.]
Functional Safety Standards
• IEC 61508: generic standard on functional safety
• IEC 61511: process industry
• IEC 62061: machinery
• IEC 61513: nuclear
• ISO 26262: automotive
• IEC 62278 / IEC 62425 / IEC 62279: railway
Agenda
• Background
• Safety Standards
• Security Standards
• Aligning Safety & Security: – current activities and main findings
• Future Opportunities
Aligning Safety & Security: Relationship
The relationship comes from the similarity of possible consequences.
Safety and Security Interactions
• Conditional dependency:
– Fulfillment of safety requirements conditions security, or vice versa.
• Mutual reinforcement:
– Fulfillment of safety requirements or safety measures contributes to security, or vice versa, thereby enabling resource optimization and cost reduction.
• Antagonism:
– When considered jointly, safety and security requirements or measures lead to conflicting situations.
• Independence: no interaction.
Source: Piètre-Cambacédès.
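The control loop from the ICS operation slide and the interaction types above, as an added Python illustration that is not part of the slides. The process model, the trip point, the parameter constraints and the two attack scenarios are constructed assumptions; the point is to see a security measure (constraint checking on HMI writes) and a safety measure (an independent SIS) each limiting the other's failure mode.

```python
"""Toy ICS control loop with a safety instrumented system (SIS) and a
parameter-constraint check on HMI writes.  Added illustration, not code
from the slides; process model, thresholds and scenarios are constructed."""
from dataclasses import dataclass, field

# Constructed constants for a hypothetical pressure vessel.
PRESSURE_TRIP = 10.0                   # SIS trip point (bar); held in the SIS, not writable from the HMI
SETPOINT_MIN, SETPOINT_MAX = 1.0, 8.0  # parameter constraints enforced by the controller


@dataclass
class Process:
    """Controlled process: valve opening (manipulated variable) raises pressure,
    a constant draw-off lowers it."""
    pressure: float = 5.0

    def step(self, valve: float) -> float:
        self.pressure = max(0.0, self.pressure + 2.0 * valve - 0.5)
        return self.pressure


@dataclass
class Controller:
    """Basic process controller: proportional action towards the set point."""
    setpoint: float = 5.0
    rejected: list = field(default_factory=list)

    def write_setpoint(self, requested: float, source: str) -> bool:
        # A security measure that is also a safety measure (mutual reinforcement):
        # a set point outside the parameter constraints is refused whoever sends it.
        if not SETPOINT_MIN <= requested <= SETPOINT_MAX:
            self.rejected.append((source, requested))
            return False
        self.setpoint = requested
        return True

    def control(self, measured: float) -> float:
        error = self.setpoint - measured
        return min(1.0, max(0.0, 0.25 + 0.2 * error))  # valve opening, 0..1


@dataclass
class SIS:
    """Safety instrumented system with its own sensor; trips to the safe state
    (valve closed) and latches."""
    tripped: bool = False

    def check(self, true_pressure: float) -> bool:
        if true_pressure >= PRESSURE_TRIP:
            self.tripped = True
        return self.tripped


def simulate(attack: str = "none", steps: int = 30) -> dict:
    """Run the loop under one of three constructed scenarios:
    'none', 'bad_setpoint' (compromised HMI writes 50 bar),
    'spoof_sensor' (the controller's sensor feed is spoofed to read 0 bar)."""
    process, controller, sis = Process(), Controller(), SIS()
    if attack == "bad_setpoint":
        controller.write_setpoint(50.0, source="hmi")
    max_pressure, trip_step = process.pressure, None
    for step in range(1, steps + 1):
        # The SIS reads its own sensor, so the spoofed feed never reaches it.
        if sis.check(process.pressure) and trip_step is None:
            trip_step = step
        measured = 0.0 if attack == "spoof_sensor" else process.pressure
        valve = 0.0 if sis.tripped else controller.control(measured)
        max_pressure = max(max_pressure, process.step(valve))
    return {"tripped": sis.tripped, "trip_step": trip_step,
            "max_pressure": max_pressure, "rejected": controller.rejected}


if __name__ == "__main__":
    for scenario in ("none", "bad_setpoint", "spoof_sensor"):
        print(scenario, simulate(scenario))
```

In the spoofed-sensor scenario the controller drives the valve fully open and pressure climbs past the trip point; the SIS bounds the consequence of that security event only because it has its own sensor and a trip point the HMI cannot write. Feed the SIS from the same network path, or let its trip point be changed remotely, and the safety guarantee becomes conditional on the security of that path, which is the conditional dependency case above.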
Aligning Safety & Security: Some Activities
• ISA99 WG7 & TG1
• ISA84 -> ISA TR84.00.09-2013
• IEC TC65 AHG1
• LOGIIC (Linking the Oil and Gas Industry to Improve Cybersecurity)
Main Findings:
• Need to address cybersecurity throughout the entire lifecycle [ISA TR84.00.09-2013]
• Greater integration may introduce greater risk [LOGIIC]
• Default configurations are not secure [LOGIIC]
• Defense in depth is needed [LOGIIC]
• Clear guidance is needed [LOGIIC]
• Improvement of security does not require an improved SIL [ISA99 WG7 & TG1]
– But failure mode analysis is the common ground
Agenda
• Background
• Safety Standards
• Security Standards
• Aligning Safety & Security: – current activities and main findings
• Future Opportunities
IEC 61511: 2nd Edition
• IEC 61511 – Functional safety for the process industry sector
– 2nd Edition: planned Q1 2016
– New requirements covering security risk assessment (clause 8.2.4)
– A security risk assessment is needed for the SIS and associated devices, giving:
a description of identified threats that could exploit vulnerabilities and result in security events;
the potential consequences and the requirements for risk reduction.
– This shall be considered for the different lifecycle phases (design, implementation, commissioning, operation and maintenance).
– Detailed guidance on SIS security is found in ISA TR84.00.09, ISO/IEC 27001 and IEC 62443
Cybersecurity Conformity Assessment
• Check whether a product adheres to the standard
• Drivers -> security, privacy, risk reduction
• A three-level conformity assessment (CA) is necessary → industrial automation sector
– Product level ← protection against known risks
– Systems integration level ← design/process certification
– Asset owner's level ← maintenance process
+
– Personal competency certification
– Supply chain
IEC Conformity Assessment: Landscape
[Figure: matrix of IEC conformity assessment systems against what they cover. Columns: IECEE, IECEx, IECQ, CYBER. Rows: Type test, Unit cert., Services, People, Process, Supply chain, Project, Life-cycle.]
Thank You
Marcel Castro (Ph.D.)
TS&R Engineer, FMC Technologies