By Gregory Hale
Safety and security do go hand in hand, but the ways to achieve a safe and secure manufacturing enterprise are now facing a new reality.
“We can no longer ignore cybersecurity if you are a functional safety expert,” said Nigel Stanley, cybersecurity practice leader for TUV Rheinland OpenSky during his discussion entitled, “Functional Safety Meets Cybersecurity – The Way Ahead” at DHS’s ICS-CERT ICSJWG Spring 2017 conference in Minneapolis, MN, Wednesday. “Functional safety by design and cybersecurity by design are starting to blend together.”
Functional safety is the part of the overall safety of a system or piece of equipment that depends on the system or equipment operating correctly in response to its inputs, including the safe management of likely operator errors, hardware failures and environmental changes.
The goal is to detect potentially dangerous conditions to prevent a hazardous event.
“Safety integrity levels in safety determine a level of safety with mathematical precision,” Stanley said. “As a security person, I find that as an anathema because there is no way we can have a solid 100 percent deterministic security.”
“Functional safety is geared up with absolute mathematical precision. Cybersecurity we cannot defend it with the precision of safety.”
That means there is a difference between the two disciplines, but when you talk about security there are also differences between IT and OT, where the two sides have a difficult time communicating with each other. “They are two different worlds,” Stanley said.
Along those lines, with safety it is easier to map out the factors and apply the proper functionality, but with cybersecurity now becoming a factor, safety professionals must take this “new” non-deterministic aspect into account.
Standards that offer a structured approach are emerging and developing, such as the IEC 62443 security standard and the IEC 61508 safety standard.
“IEC 62443 is a good framework for cybersecurity; it is not perfect, but a good framework,” he said. The standard’s foundational requirements cover:
• Identification and authentication control
• Use control
• System integrity
• Data confidentiality
• Restricted data flow
• Timely response to events
• Resource availability
To achieve safety integrity, safety experts look to the IEC 61508 standard, which aims to avoid systematic faults in all lifecycle phases in order to achieve system capability.
The new version of IEC 61508 now includes a security provision to make sure safety and security are in sync.
“You may say you are safe, but unless you can show security, you are not safe. We are starting to see functional safety requirements come out that require security. Just because you have a certification and a security level, it does not mean you are safe or secure,” he said.
To ensure security and safety across the enterprise, vendors, system integrators and end users each need to focus on their own part of the equation.
Product vendors need to focus on achieving a level of security that supports both safety and security; system integrators need to worry about melding disparate systems together; and operators need to focus on having a plan.
Stanley gave some key lessons learned in this new reality of functional safety and cybersecurity:
• We can’t deterministically prove system security
• Functional safety engineers have a different approach than security people
• Many IT security people are not engineers
• Functional safety engineers do not understand security
• Industry needs more cybersecurity engineers