Most recent
ISA TR84.00.09-2017
Cybersecurity Related to the Functional Safety Lifecycle
Safety Instrumented Systems (SIS) represent one layer of protection that may be implemented in order to reduce risk within the process industry. Other layers of protection may consist of instrumented systems performing alarms, interlocks, permissive functions or controls using devices within the basic process control system (BPCS), as well as non-instrumented systems such as relief devices, check valves, etc. Traditional process hazard analysis (PHA), in the past, has generally excluded the potential for cyber related attacks to cause process safety incidents. Given that targeted attacks on industrial automation and control systems (IACS), including the systems executing safety controls, alarms, and interlocks (SCAI), have occurred and these systems are increasingly being connected to other business systems, cyber vulnerabilities represent a significant potential for common mode failure. As a result, it is necessary in today’s world to include cyber risk in the overall PHA. Without addressing cybersecurity throughout the entire safety lifecycle, it is not possible to adequately understand the relative independence and integrity of the various layers of protection that involve instrumented systems, including the SIS. The underlying premise of this document is to help the reader understand how to integrate cybersecurity into the safety lifecycle. Guidance is provided on how to implement, operate and maintain safety controls, alarms, and interlocks (SCAI) in a secure manner. As part of this integration, it should also be understood that achieving higher security levels may result in less convenience to the end user. Addressing cybersecurity and functional safety of the SCAI systems within the IACS requires that this document serve both the ISA84 series of standards as well as the ANSI/ISA-62443 series of standards.
The International Society of Automation [isa]