Two sides of the same coin
A weakness in security increases danger, which in turn decreases safety, so safety and security are directly proportional to each other, but both are inversely proportional to danger.
In many languages there is only one word for safety and security. In German, for instance, the word is ‘Sicherheit’; in Spanish it is ‘seguridad’; in French, ‘sécurité’; and in Italian, ‘sicurezza.’
According to the Merriam-Webster Dictionary, the basic definition of safety is “the condition of being free from harm or risk,” which is essentially the same as the basic definition of security, “the quality or state of being free from risk.” However, there is a second definition of security: “measures taken to guard against espionage or sabotage, crime, attack, or escape,” and this is the definition we generally use when we refer to industrial security.
Using these primary definitions, we can better understand the relationship between security and safety: a weakness in security increases danger, which in turn decreases safety. So safety and security are directly proportional to each other, but both are inversely proportional to danger. While this may all seem elementary, understanding the relationship between safety and security is essential to understanding how to integrate the two. Those who own and operate industrial facilities, especially those that many governments have defined as critical infrastructure, certainly understand the meaning and importance of safety and security relative to their operations.
In the context of industrial automation and control systems, safety systems are special control systems whose function is to detect a faulted, hazardous or otherwise dangerous condition and take action (typically shutting down the process) to prevent a hazard. They are typically one of many layers of defense in the overall protection scheme for a facility. Control system security, by contrast, refers to the capability of a control system to provide adequate confidence that unauthorized persons and systems can neither modify the software and its data nor gain access to the system functions, while ensuring that such access is not denied to authorized persons and systems.
Until recently, the engineering disciplines of safety system design and control system security evolved on separate but parallel tracks. Safety standards and the associated engineering work practices are mature and well established, based on decades of learning. Control system security, on the other hand, is a much newer field that has its roots in information technology (IT) security. Some say that control system security is where safety system engineering was 10 or more years ago.
So why is there sudden interest in integrating the safety system and control system security disciplines? One reason is that safety integrated systems (SIS), once fully isolated, are increasingly being connected to, or directly integrated with, process control systems that in turn connect to the outside world through a wide area network (WAN). This is significant because a security breach of an SIS could directly prevent it from performing its intended protection function, which could lead to a catastrophic event. A security incident in a control system, on the other hand, while still potentially very damaging, should be limited to causing a process shutdown, because the SIS is there to prevent a dangerous situation, provided it was designed properly and was not also compromised. The integration of control and safety systems therefore raises significant concern about a common security vulnerability affecting both systems.
Another reason for the sudden interest is a growing recognition of the many similarities between the safety and security life cycles, and of the efficiencies to be gained by combining the two approaches. By addressing both safety and security from the start, asset owners can head off the need to perform a second, costly process later to find and address security vulnerabilities.
This interaction between safety and security became painfully obvious to the owners of the Hatch nuclear facility in March of 2008 and 2009. According to data supplied by the Repository of Industrial Security Incidents, the Hatch Nuclear Power Plant near Baxley, Ga., was forced to shut down for two days (48 hours) after a contractor installed a software update on a computer on the plant’s business network. The computer was used to monitor chemical and diagnostic data from one of the facility’s primary control systems, and the software was designed to synchronize data on both systems. When the updated computer rebooted, it reset the data on the control system, causing the safety system to interpret the lack of data as a drop in the water reservoirs that cool the plant’s radioactive nuclear rods. The safety system behaved as designed and triggered a shutdown. The engineer was not aware that the control system would be synchronized as well, or that a reboot would reset the control system.
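The failure mode in the Hatch incident is easy to lose in the narrative: nothing was attacked, a data reset on a business-network machine was propagated into the control system by a two-way synchronization tool, and the safety system did exactly what a fail-safe interlock should do with missing data. The simulation below is an added example written for this article, not code from the plant, the vendor, or the original authors; the trip setpoint, the `good_quality` flag, and the two sync models are constructed assumptions. It contrasts the two-way sync that can overwrite control-system data with a read-only, control-to-business sync that cannot, and shows that the interlock trips on loss of data in either design where the data is actually lost.

```python
"""Illustrative simulation of a data-reset trip, as in the Hatch incident.

Added example, not from the original article. All names and values are
constructed assumptions, not the plant's real tags, setpoints or software.
"""
from dataclasses import dataclass
from typing import Optional

LOW_LEVEL_TRIP = 40.0  # constructed: trip when cooling-water level (%) is below this


@dataclass
class Sample:
    level_pct: Optional[float]  # None models "no data" after a reset
    good_quality: bool = True   # constructed quality flag: False when data is stale/reset


@dataclass
class ControlSystemStore:
    """Process data held by the control system; a two-way sync can overwrite it."""
    level_pct: Optional[float] = 75.0
    good_quality: bool = True

    def reset(self) -> None:
        self.level_pct = None
        self.good_quality = False

    def sample(self) -> Sample:
        return Sample(self.level_pct, self.good_quality)


class SafetySystem:
    """Fail-safe interlock: a missing, bad-quality or low reading trips the plant."""

    def __init__(self) -> None:
        self.tripped = False
        self.reason = ""

    def evaluate(self, s: Sample) -> bool:
        if s.level_pct is None or not s.good_quality:
            self.tripped, self.reason = True, "loss of level data (fail-safe trip)"
        elif s.level_pct < LOW_LEVEL_TRIP:
            self.tripped, self.reason = True, "low cooling-water level"
        return self.tripped


def two_way_sync_reboot(store: ControlSystemStore, business_copy: dict) -> None:
    """Bidirectional sync: the rebooted business-side tool writes its empty state
    back into the control system (the behaviour the article describes)."""
    business_copy.clear()
    store.reset()


def one_way_sync_reboot(store: ControlSystemStore, business_copy: dict) -> None:
    """Read-only (control -> business) sync: a reboot on the business side only
    empties the business-network copy and never writes to the control system."""
    business_copy.clear()


def run_scenario(one_way: bool) -> tuple:
    """Return (tripped, reason) after a business-network reboot under each sync model."""
    store = ControlSystemStore()
    business_copy = {"level_pct": store.level_pct}
    sis = SafetySystem()
    sis.evaluate(store.sample())  # healthy before the change: no trip
    if one_way:
        one_way_sync_reboot(store, business_copy)
    else:
        two_way_sync_reboot(store, business_copy)
    sis.evaluate(store.sample())
    return sis.tripped, sis.reason


if __name__ == "__main__":
    print("two-way sync:", run_scenario(one_way=False))
    print("one-way sync:", run_scenario(one_way=True))
```

Two design choices are deliberate. First, the interlock treats "no data" the same as "low level": suppressing a trip because the data source looks unhealthy would be the wrong lesson to draw from the incident, since the safety system cannot tell a sync fault from a sensor fault. Second, the mitigation lives in the data path, not in the interlock: with a one-way flow from the control network outward, a change on the business side has nothing to reset.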
The remainder of this article presents an approach to merging the front-end design of the safety and security life cycles, to demonstrate the possibility and the benefits of taking an integrated approach to system safety and system security, especially when designing a new system or retrofitting an existing one. While the authors believe it is also possible to merge the subsequent phases of the safety and security life cycles, covering the later phases is beyond the scope of this article. In addition, we feel the greatest similarities are in the front-end design processes, and integrating the processes up front will provide the greatest benefit throughout the life cycle.
Let’s begin by looking at the life-cycle design models for safety system engineering and control system security. The safety life-cycle model from IEC 61511 (also ANSI/ISA S84) has three main phases:
The security life-cycle model from ANSI/ISA S99.00.01-2007 also has three main phases:
3. Implement and Maintain.
The safety Analysis and security Assess phases have by far the most similarity because, in both cases, the purpose of the phase is to determine the amount of risk present and decide whether it is within tolerable limits for the facility. Determining the amount of risk involves identifying the consequences of a failure of the system (what could happen, and how bad would it be?) and the likelihood of it occurring (how could it happen, and how likely is it to happen?).
A typical first stage in this process is the hazard and operability analysis, or HAZOP. A HAZOP, the most widely used hazard analysis method in the process industries, is a methodology for identifying and dealing with potential failures in processes, particularly those that would create a hazardous situation or a severe impairment of the process. A HAZOP team, consisting of specialists in the design, operation and maintenance of the process, analyzes the process and determines possible deviations, feasible causes and likely consequences. It is important that the industrial automation and control system (IACS) be listed as a cause if failure of the IACS or unauthorized access to it could initiate a deviation.