Building an industrial plant means mobilizing a great many resources and generates a great deal of work for the many companies that become part of the larger project, and for the many people employed to make it a reality. The construction of an industrial plant is a major project made up of a number of subprojects. One of these is the design, procurement, construction, commissioning and commissioning support of the control system or systems. The control system is not the only system based on electronics, firmware and software that will eventually be installed in the plant; it is one of a number of systems and subsystems. Each of these projects or subprojects is part of a single engineering work in which everything must match and fit together so that, when the long-awaited moment arrives, everything works. If the plant has 20 motors, the control system must be able to control 20 motors, not 19, and the same holds for every detail of every system and subsystem.

The Value and Importance of Functional Safety

Functional safety, and the functional safety studies that support it, protects industrial processes through safe design. Safety by design is necessary because technology does not have all the answers and technology alone cannot guarantee safety. Ensuring safety requires following appropriate design and construction processes and procedures. 90% of the accidents that occur are due to human error. To address this problem, functional safety (ISA84/IEC 61511) was created, covering the entire life cycle of a plant. Good safety is good business: if the plant does not run, it does not make money. A catastrophe is not only the loss of life or the impact on the environment; it can also affect the production capacity of the plant or the company, and that represents a loss of value for the organization, reflected in its safety culture. When safety is taken into account at the early stage of construction, there is an opportunity to influence the design and optimize OPEX and CAPEX. Investing in the future means investing in safety.

Influence of Design on Industrial Cyber Risk Mitigation

In industrial cybersecurity, as explained by the ISA99 committee responsible for developing the ISA/IEC 62443 standards, the same thing happens. By evaluating the industrial cyber risks of the industrial systems together with the industrial plant or process, it is possible to influence the design of both the plant and the systems to create an infrastructure of systems and processes resilient to all types of threats, such that it satisfies the risk tolerance of the organization or its owner. In this way, although a threat may compromise control systems, the cyber incident cannot cause unwanted or intolerable consequences. This is called Security by Design, and it is of fundamental importance. In the field, in a borderline or dangerous situation, we are willing to accept the loss of a cyber component, but we are not willing to accept the loss of a person's life. While protecting cyber components is necessary and contributes to mitigating industrial cyber risk, prioritizing the cyber component alone will be insufficient, no matter how much is spent or invested in that effort; it will not protect the recipients of the risk. To protect the risk recipients it is necessary to combine protection of cyber components with design, which is more effective and efficient, and which places the protection of risk recipients above that of cyber components. Experience implementing this approach shows that, in addition, the economic investment is much lower.

The Best of Both Worlds

In this way the owner of the industrial plant can have the best of both worlds: the best control systems and the best security. Once the consequences occur the damage is done, and there is no turning back. That is why we say that it is never too late to deal with safety (redesign of existing systems and plants), but the sooner the better (design of systems and plants at an early stage, before their construction).


Do you want to know more about Security by Design?

To learn more about Security by Design, we invite you to visit the following links:

  • Training and Certification Program in Industrial Cybersecurity

About the author: Eduardo Kando, WiseGroup Manager