Cyber-Security concerns in Safety Instrumented Systems
Robert Adamski, Invensys - PCS Premier Consulting Services - USA

There are generally six areas of vulnerabilities to cyber attacks on safety instrumented systems (SIS) for the process industries:

1. Unsecured or lack of security measures in the original design of the SIS hardware and software.

2. Communication between the separate SIS and other devices or networks e.g. the basic process controller (BPCS/DCS), engineering work stations, plant maintenance systems, etc.

3. "Integrated" or co-mingled (non-separated) safety and control systems.

4. Poor security measures and procedures for employees/contractors that have access to the SISs.

5. Wireless field devices used in safety related systems (SRS).

6. Safety Field bus e.g. FF-SIS.

In the U.S.A., it has been estimated that there are over 100,000 external cyber-attack attempts each day on secure non-SIS systems e.g. banking, investment networks, internet commerce, credit card transactions and even our national defense networks. There are also countless successful internal attempts at hacking by those who are assumed to be trustworthy. Although we see a growing awareness of the possibility of these attacks on our critical process industries control networks, there is a false belief that the SIS will prevent a major catastrophe. SISs are designed to be our last line of defense to insure a safe and controlled shut down in the event of a abnormal process condition. It is exactly because the SIS is our last line of protection against process events that make the SIS more "interesting" to cyber attackers.

This workshop will attempt to facilitate discussions among those process safety practitioners to bring a new awareness of international cyber security threats and possible ways to reduce our vulnerabilities.

to be determined

Certification of Safety-Related Components and Systems and Safety-Instrumented Functions
Heinz Gall - TÜV Rheinland Industrie Service GmbH, ASI - Germany

to be determined