We now know that when it comes to process safety in constantly connected systems the OT component has an essential role to play. But what are the similarities between these two areas, and how can they be integrated during the lifecycle of a device?
Functional safety is a crucial factor when industrial products or equipment are used in situations which pose risks for either operators or the environment. The aim is to ensure that safety instrumented systems are functioning correctly, fully in line with their Safety Integrity Level (SIL).
Traditional risk analysis is no longer sufficient
However, traditional risk analysis, as used in the past, did not generally envisage the possibility that cyberattacks would cause incidents of process security. By contrast, we have now seen targeted attacks on systems that carry out checks, which highlights how important it is nowadays to include cyber risk in an overall risk analysis.
Indeed, Operational Technology (OT) cybersecurity is vital in relation to functional security. Just think of those sensors that communicate with controllers through network protocols. However, it is even more applicable to those components that are inserted into an automation and control network, with the aim of protecting the infrastructure from outside attacks.
So, without addressing the cyber issue throughout the lifecycle of the security system, it is impossible to understand the independence and integrity of the various levels of protection involved in instrumented systems.
Integration of safety and security during the lifecycle of a device
Functional security and cybersecurity can be integrated into the entire security lifecycle, and aligned with current standards. The particular standards that apply are IEC 61508 for functional security, and IEC 62443 in relation to OT cybersecurity
Do you want to help our page grow? Follow us on Linkedin
The above graphic shows how the two worlds are integrated at the design stage. With few exceptions, safety and security involve the same steps. It is therefore advisable to treat them in a similar way as part of company processes, so as not to create excessive business procedures and policies that are difficult to manage and complicated to apply.
Are there any other similarities between safety and security?
Yes, of course. You need to consider every aspect of management throughout the lifecycle of a device or system. And the relationship between safety and security is also clear in this context. The main similarities are as follows.
- Configuration management
There are obvious common factors in this instance. In relation to both functional security and cybersecurity, you should try to research the products that are on sale and in operation in the field. This is because, in both cases, if you have no clear idea how the device was made, you will not be able to identify the causes of any problems and then act safely and consistently.
- Managing field returns
This marks another important similarity between the two areas, and is a vital element in the lifecycle of products in terms of both functional safety and cybersecurity. Keeping a close eye on field reports, analyzing them, classifying them, and taking action where needed, should be a key part of business practice.
- Managing modifications
A product often needs to undergo minor or even major changes, which may alter some of its basic features. This implies that the company must have certain rules for managing changes, and it therefore follows that any change will be assessed in terms of both safety and security.
- Assigning roles and responsibilities
It should be made clear within the company (or for a current project), which activities need to be carried out and who should be responsible for them. This ensures there are no misunderstandings, and makes the task more straightforward.
How to demonstrate compliance with both safety and security standards
The framework required by both functional safety and cybersecurity is similar in many ways. It may therefore be helpful for a company seeking compliance with these issues, to turn to a body with expertise on both fronts.
BYHON is our internal division, and has ANSI-ANAB accreditation for SIL certification in line with standard IEC 61508, and is an accredited ANSI and ISA laboratory for OT cybersecurity certification, in accordance with the IEC 62443 standard and ISASecure® scheme. It is therefore is the ideal partner for the provision of both functional safety and industrial cybersecurity.
BYHON is one of only six ISASecure® accredited certification bodies throughout the world. It is the only one with an Italian parent company, which also employs the considerable expertise of internal auditors in the field of functional safety. This body offers the possibility of certifying components and systems in accordance with both standards. It helps integrate the various processes involved in the certification process.
Do you need help with certification for standard IEC 61508 or IEC 62443?
Do you want to help our page grow?? Follow us on Linkedin
Go back to the blog