Security Risks are Safety Risks
Too often, security is thought of as “an IT issue.” It’s not.
As industrial operations become more connected, attack surfaces inherently increase. Hackers are increasingly targeting industrial control systems, and a disgruntled employee with access can wreak havoc on your systems.
An over-pressurized pipeline, misaligned valves, or machinery unexpectedly changing operation poses safety risks to people, the environment, and your reputation.
Systems should undergo both safety and security assessments as part of any comprehensive risk management program. Safety professionals – EHS and Engineering – should collaborate with IT to ensure that physical asset risks are mitigated to help protect workers, equipment, and the intellectual property residing in industrial control systems. Unfortunately, the inherent safety implications of security risks are too often overlooked.
Key to many critical business issues in safety, is taking a collaborative approach to safety.
EHS is most responsible for worker safety but only directly controls important but less-effective machinery safety methods – awareness, training, procedures, and personal protective equipment. Engineering focuses on technical standards yet has control of the most-effective machinery safety methods – designing out hazards, guarding, monitored access, and interlocks. Often, these two departments view each other suspiciously, resulting in reduced safety and productivity.
A key element of safety maturity, mentioned above, is collaboration between the two – along with Operations. In fact, a recent LNS research study found that organizations in which these three functions collaborate, experience a 15 percent lower median incident rate.
Perform Risk Assessments Early in the Design Process
The design process is critical to machinery that optimizes safety and productivity. Specifically, designing risks out of machinery, rather than building a machine and then trying to make it safer, is vital to these objectives.
While most companies perform a risk assessment at some point, the timing of the assessment is key. Is it early in the design process, when risks can be designed out? Or is it after the machine is designed, built, and ready to ship?
It’s vital to perform a risk assessment early in the design process and again after the machine is in place at its operating location to help verify compliance, safety, and productivity. Studies show that 60 to 70 percent of safety incidents occur outside of normal operating mode (during maintenance, repair, etc.).