Cyber Security / Safety Instrumented Systems

When A Cyberattack Gets Physical

By William L. Mostia, Jr., P.E.

Dec 20, 2016

Cybersecurity is a growing concern in the process industries, and a number of good articles have been written about it for industrial control systems (ICS)—many full of doom and gloom. Here, we will divide the ICS into two parts: safety instrumented systems (SIS) and all other ICS components, which we lump into the basic process control system (BPCS). There are distinct differences between the SIS and BPCS in function, design and cybersecurity.

The SIS and BPCS differ in regard to cybersecurity from a process safety perspective, how traditional SIS design practices can help provide cybersecurity, and how cybersecurity concerns can affect the design of the SIS.

Free Webinar: Securing Against Insider Threats – Insiders are not constrained  by the same security controls that defend against outsiders. Prevent insider  AND outsider attacks. Oct. 24 @ 2 ET

This article examines some of the differences between the BPCS and the SIS, SIS vulnerabilities to cyberattack and other security concerns unique to the SIS. It also covers how traditional SIS design can help with cybersecurity, and how traditional design practices of the SIS are affected by cybersecurity. Due to its size limits, one article can’t cover all aspects of designing or securing a SIS in the presence of cybersecurity threats, but it’s instead intended to provide food for thought on this topic.

Read the rest of this article from our sister publication Control Global.