This blog post is the first in a four-part series discussing the intersection of safety and security.
The funny thing about human nature is that we tend to assume things are going to work—until they don’t.
The recent power crisis in Texas is a good reminder of that. Everyone assumes the power system is going to work—until it doesn’t. Who would have thought that a few days of weather in the teens would nearly collapse the power system in the state of Texas for days? It’s a little reminiscent of the Fukushima nuclear incident about 10 years ago. Who would have thought that a once-in-a-lifetime tsunami would cause a meltdown of a nuclear reactor on the coast of Japan behind a 19-foot-high seawall? There are plenty more examples.
The same phenomenon occurs with security and cybersecurity breaches. It is human nature to assume that people will follow the law, respect boundaries, and not harm others—until they don’t. In a world run by computers, it doesn’t take a lot of creativity to imagine what could happen if these computers stopped working—or worse, if they were tampered with to a degree that you could not trust the integrity of the data.
Anyone involved in automation knows just how critical industrial control and safety systems are to the safe and reliable operations of the machines, processes, and facilities they control. Compromise of the integrity or availability of these systems could lead to any of the following outcomes—especially if safeguards are also implemented in programmable electronic control or safety systems.
- Interruption of service
- Off-spec product
- Machine, unit, plant, or facility shutdown
- Equipment damage
- Environmental incident
- Employee injury or death
- Public safety incident
So, while we don’t like to think the unthinkable, someone must. This is where safety engineers, security and cybersecurity experts, and risk management professionals come in. While we can’t prevent every disaster, the field of risk management exists to bring discipline to the process of identifying what could happen, how bad it could be, and what can be done to mitigate the risk.
Process engineers and machine builders have been conducting process safety and machine safety studies for decades to understand and mitigate risk. They utilize a variety of methodologies to perform these assessments, such as process hazard analysis (PHA), layer of protection analysis (LOPA), hazard and operability analysis (HAZOP), and failure modes and effects analysis (FMEA).
These traditional process and machine hazard evaluation and mitigation techniques are great tools for understanding risk. However, they do not typically evaluate or mitigate cyber threats that could impact the integrity or availability of control systems. The convergence of information technology (IT) and operations technology (OT) platforms is exposing modern industrial automation systems to increased cyber threats and vulnerabilities. These increasing threats have the potential to affect multiple layers of protection, including basic process control, process alarms, and safety instrumented systems. In fact, in certain circumstances, it may be possible for a single cyber threat to simultaneously defeat multiple layers of protection.
Therefore, to ensure our machines, processes, and facilities are truly safe, we must evaluate the risks associated with cyber compromise of the integrity and availability of control systems.
This blog series will discuss the intersection of safety and security. The remaining posts will address the following topics:
- Regulations, standards, and best practices: What do regulations and standards say about integrating safety and security? How are safety standards and cybersecurity standards interrelated? What regulations and standards apply to my industry?
- Risk assessment methodologies: How do you evaluate the risk of cybersecurity to an industrial control system? How does one account for the effectiveness of existing safeguards? What methodologies are companies in my industry using to assess cyber risk? How do they compare?
- Case study(ies): One or more case studies from asset owner(s) who have successfully integrated safety and security in their companies and facilities.
Interested in reading more articles like this? Subscribe to the ISAGCA blog and receive weekly emails with links to the latest thought leadership, tips, research, and other insights from automation cybersecurity leaders.