【In-depth Interpretation】Cybersecurity of Safety Instrumented System (SIS).

Create Date: 2024-8-30 12:03:23|Source: Fuji Electric/Fujielectric

When a company begins a Safety Instrumented System (SIS) project, the first decision stakeholders must make is the choice of system architecture. Compliance with international cybersecurity standards such as IEC 62443 (the ANSI/ISA 62443 series of standards) and guidelines from the International Association of Users of Process Industry Automation (NAMUR) makes it possible to better harden systems built on interfaced or integrated SIS architectures. Understanding the unique benefits and considerations behind each architecture is critical to making an informed decision that best meets the needs of your business.

Learn about the standards

Cybersecurity standards provide guidelines for distinguishing between safety-critical and non-safety-critical components. According to the ISA guidelines, safety-critical assets must be logically or physically separated from non-safety-critical assets into multiple zones.

NAMUR provides a similar set of guidelines in Worksheet NA163 "Safety Risk Assessment for SIS". The guideline defines 3 logical areas – the core SIS, the extended SIS, and the control system structure (which NAMUR calls "peripherals") – and states that they must be physically or logically separate (Figure 1).
Figure 1: NAMUR provides a set of guidelines similar to the ISA 62443 cybersecurity standards, in which SIS functions are divided into three areas: core SIS, extended SIS, and control system architecture (which NAMUR calls "peripherals"). Image credit: Emerson

The core SIS consists of the components required to perform the safety function (logic solvers, input/output (I/O) devices, sensors, and final elements). The extended SIS contains safety system devices (e.g., the engineering station) that are not required to perform safety functions. Peripherals are devices and systems, such as the basic process control system (BPCS), that are not directly or indirectly assigned to the SIS but can be used in the context of safety functions. Such uses may include a resend request from a basic process control system or the display of safety functions in a human-machine interface.

Neither standard clearly defines the required architecture. The user must decide how best to build the SIS network and ensure that adequate logical and physical isolation is provided between the basic process control system and the SIS in the final design. In general, enterprises have 3 options for building a SIS network:

● Separated SIS: completely disconnected from and independent of the basic process control system;

● Interfaced SIS: connected to the basic process control system through an industrial protocol (usually Modbus);

● Integrated SIS: connected to the basic process control system, but sufficiently isolated to comply with cybersecurity standards.

Some people may argue that deploying an isolated SIS is more secure than any other type of SIS. However, all of the listed architectures can provide a hardened security architecture as long as that architecture is defined in advance and enforced during the design, implementation, and maintenance of the safety system. Important as it is, the SIS architecture is only one of the aspects that determine the security of a safety system.

Take advantage of defense-in-depth

Protecting the SIS requires a defense-in-depth approach. With cyberattacks increasing every year, a single layer of protection is not enough for safety-critical assets. Network administrators employ multiple layers of security (antivirus, user management, multi-factor authentication, intrusion detection/prevention, whitelisting, firewalls, and more) to ensure that unauthorized users face insurmountable barriers to entry. The goal of a defense-in-depth strategy is to strengthen access control protection mechanisms by adding layers of protection that complement each other.

Isolation system

One of the most common ways to protect the SIS is to completely isolate the system, creating a "separation band" between the core SIS functions and the basic process control system (Figure 2). The benefits of this approach are clear. If the SIS is separated from other systems, security is hardened by default to prevent intrusions.
Figure 2: An infrastructure with a buffer separates safety-critical from non-safety-critical functions, but requires additional maintenance to keep up the defense-in-depth security layers on two different systems.

However, even isolated systems are not immune to cyberattacks. Users ultimately need to access the system from the outside to perform tasks such as extracting event records for event analysis, bypasses, overrides, verifying test records, or performing configuration changes and applying security updates. USB drives, which are often used to apply these updates, are difficult to protect.

This dependence on external media is one of the main reasons why an isolated SIS still needs additional layers of protection, just like the ones used to protect the basic process control system. Proper system hardening means that users must manage two separate sets of defense-in-depth architectures. This can increase working hours, extend the time between shutdowns, and widen the area in which negligence leaves vulnerabilities in the protective layers.

Interface system

The interfaced system functions similarly to an isolated system: safety-related functions are physically separated from non-safety-related functions (Figure 3). What distinguishes the interfaced system is that the basic process control system devices and the core functions of the SIS are connected via an engineered link that uses an open industrial protocol. Typically, firewalls or other security hardware and software restrict traffic between the basic process control system and the SIS.
Figure 3: The interface architecture physically separates the SIS from the basic process control system, but has connectivity to the basic process control system. This configuration typically requires the maintenance of multiple engineering connections and defense-in-depth systems.

Since the Core SIS and Extended SIS are physically separate from the peripherals, the interface system provides sufficient protection to meet ISA and NAMUR standards. However, just like in an isolated system, SIS hardware and software need to be protected. The user must ensure that the connection to the extended SIS does not compromise the core SIS.

To achieve this protection, interface systems require that the defense-in-depth security layer be replicated across multiple systems. In some cases, multiple instances of network security that must be monitored can increase the amount of effort required to maintain adequate security. The end user should also ensure that the connection between the basic process control system and the SIS is configured in such a way that the system is not exposed to risk.
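One way to restrict the Modbus link between the basic process control system and the SIS, shown as an added example that is not part of the original article: a filter that parses each Modbus/TCP request and passes only reads of a fixed register window. The read-only policy, the unit id and the register window are assumptions chosen for illustration.

```python
import struct

# Assumed policy for the BPCS-to-SIS link (not taken from the article):
# the BPCS may only read a fixed window of registers; every write is dropped.
READ_FUNCTIONS = {0x03: "read holding registers", 0x04: "read input registers"}
ALLOWED_UNIT_ID = 1               # hypothetical unit id of the SIS logic solver
ALLOWED_WINDOW = range(100, 200)  # hypothetical status registers exposed to the BPCS


def check_request(frame):
    """Return (allowed, reason) for one Modbus/TCP request frame."""
    if len(frame) < 8:
        return False, "truncated frame"
    # MBAP header: transaction id, protocol id, length, unit id; then function code
    _tid, proto, length, unit, func = struct.unpack(">HHHBB", frame[:8])
    if proto != 0:
        return False, "protocol id is not Modbus"
    if length != len(frame) - 6:
        return False, "length field does not match frame size"
    if unit != ALLOWED_UNIT_ID:
        return False, f"unit id {unit} not allowed"
    if func not in READ_FUNCTIONS:
        return False, f"function 0x{func:02x} is not on the read-only allow-list"
    if len(frame) != 12:
        return False, "malformed read request"
    start, count = struct.unpack(">HH", frame[8:12])
    if not 1 <= count <= 125:  # protocol limit for register reads
        return False, "register count out of range"
    if start not in ALLOWED_WINDOW or (start + count - 1) not in ALLOWED_WINDOW:
        return False, "register range outside the exposed window"
    return True, READ_FUNCTIONS[func]


def build_request(tid, unit, func, start, value):
    """Build a sample request: function code, address, then count or value."""
    pdu = struct.pack(">BHH", func, start, value)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


SAMPLES = {  # constructed requests, not captured traffic
    "read status block": build_request(1, 1, 0x03, 100, 10),
    "write single register": build_request(2, 1, 0x06, 100, 1),
    "read past window": build_request(3, 1, 0x03, 195, 10),
    "wrong unit": build_request(4, 2, 0x04, 100, 1),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:22} {check_request(frame)}")
```

Checking the length field against the real frame size matters here, because a filter and a logic solver that disagree on where a request ends can be made to disagree on which function code it carries.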

Integrated systems

Another option for implementing a separated system is an integrated SIS (Figure 4). In this approach, the SIS is integrated into the basic process control system, but there is logical and physical isolation between the core SIS and the extended SIS. Typically, this isolation is achieved with a proprietary protocol that has cybersecurity embedded and is available out of the box. This eliminates many of the security risks that arise from manually designing the connection between the SIS and the basic process control system.
Figure 4: In an integrated SIS architecture, safety-critical functions are logically and physically separate, but still located on the same system. This eliminates the need to maintain multiple defense-in-depth systems.

An integrated SIS requires the same level of defense-in-depth protection as an isolated system, but because some layers of security protect both the basic process control system and the SIS, an integrated SIS can reduce the time and effort spent monitoring, updating, and maintaining those layers. This approach provides protection that goes beyond the ordinary layers of security: the integrated SIS also has additional, specific layers of security designed to protect the core SIS.

Eliminating the complex engineered interfaces between the core SIS and the extended SIS through an integrated environment can make Factory Acceptance Testing (FAT) simpler and faster, helping to bring projects online sooner and reducing rework.

Manage entry points

Careful consideration of the defense-in-depth layers is essential to the network security of a SIS, but it is not enough. To ensure that SIS networks have adequate security, organizations must also restrict the entry points to safety-critical functions and take steps to mitigate any risks affecting those entry points.

The more entry points there are to the safety-critical functions of the SIS, the greater the chance that a cyberattack exploits a possible vulnerability in the security layers. While it is possible to adequately defend multiple points of intrusion, it is easier and takes up fewer resources if only 1 entry point has to be defended.

NAMUR provides clear guidance for a partitioned SIS architecture in the interfaced format (Figure 1). The core SIS, the extended SIS, and the control system architecture are each properly isolated in their own area. The engineered connections between the architectural elements in the 3 areas (engineering station, BPCS, plant information management system, asset management system, etc.) can create multiple potential connection points to the core SIS.

These connection points are not a security risk per se; it is generally assumed that each of them receives adequate defense in depth. If security is required at every stage, you may need to manage 5 or more sets of security hardware and software.

The integrated SIS architecture can provide a design that limits entry points. The best integrated safety instrumented systems are configured with a component that acts as a gateway for all traffic into and out of the safety-critical functions. With only one entry point to defend, the same defense-in-depth layers that protect the basic process control system can be applied, together with some additional layers of protection dedicated to the core SIS. This design reduces maintenance and monitoring while providing the same or a higher level of standard SIS isolation as other architectures.
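The entry-point comparison above can be checked mechanically against an asset inventory. The following added example (not from the original article) counts the links that cross the core SIS boundary and verifies that no path into the core bypasses the gateway; the asset names, their assignment to NAMUR areas and both link lists are constructed for illustration.

```python
from collections import deque

# Constructed inventory: asset -> NAMUR area ("core", "extended", "peripheral").
ZONES = {
    "logic_solver": "core", "safety_io": "core",
    "sis_eng_station": "extended", "sis_gateway": "extended",
    "bpcs_controller": "peripheral", "operator_hmi": "peripheral",
    "historian": "peripheral", "asset_mgmt": "peripheral",
}

# Constructed network links (undirected) for two hypothetical designs.
INTERFACED = [
    ("sis_eng_station", "logic_solver"), ("bpcs_controller", "logic_solver"),
    ("historian", "logic_solver"), ("asset_mgmt", "safety_io"),
    ("operator_hmi", "bpcs_controller"),
]
INTEGRATED = [
    ("sis_gateway", "logic_solver"), ("logic_solver", "safety_io"),
    ("sis_eng_station", "sis_gateway"), ("bpcs_controller", "sis_gateway"),
    ("operator_hmi", "bpcs_controller"), ("historian", "bpcs_controller"),
    ("asset_mgmt", "bpcs_controller"),
]


def entry_points(links, zones=ZONES):
    """Links that cross the core SIS boundary, as (outside asset, core asset)."""
    crossing = set()
    for a, b in links:
        if (zones[a] == "core") != (zones[b] == "core"):
            crossing.add((a, b) if zones[b] == "core" else (b, a))
    return sorted(crossing)


def reaches_core_without(gateway, links, zones=ZONES):
    """Non-core assets that still have a path to the core SIS once the
    gateway is taken out of the network; an empty list means the gateway
    is the only way in."""
    graph = {}
    for a, b in links:
        if gateway in (a, b):
            continue
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    # Breadth-first search outward from all core assets at once
    seen = {n for n in graph if zones[n] == "core"}
    queue = deque(seen)
    while queue:
        for nxt in graph.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return sorted(n for n in seen if zones[n] != "core")


if __name__ == "__main__":
    for name, links in (("interfaced", INTERFACED), ("integrated", INTEGRATED)):
        print(name, "entry points:", entry_points(links))
        print(name, "bypass gateway:", reaches_core_without("sis_gateway", links))
```

Running the same check after every network change shows whether a new engineering connection has quietly added an entry point that the defense-in-depth layers do not cover.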

There is often an assumption that more physical isolation between the SIS and the basic process control system means more inherent safety. However, as with buffered (air-gapped) systems, more physical isolation can lead to increased maintenance and monitoring overhead to ensure adequate defense-in-depth. This additional cost limits the value of air-gapping for enterprises seeking to optimize performance and production while meeting network security standards at the same time.

Integrated and interfaced systems enable a high level of connectivity while providing flexibility in implementing a defense-in-depth network security architecture. Because both architectures provide the highest level of security, implementation teams seeking to maintain a defensible SIS throughout the lifecycle of the system often find that they have more options for choosing a basic process control system and SIS to meet unique enterprise objectives.
