By Steve Ludwig, commercial programs manager, Safety, Rockwell Automation
The dangers that cyber threats pose to intellectual property, customer records and productivity are well known, but safety implications of these threats are discussed less often. A cyberattack on your industrial control system (ICS) can damage physical assets, alter recipes, injure workers or cause severe environmental damage.
If you’re on a digital transformation journey — whether it’s a managed process or slow evolution — managing the inherent safety and security risks should be an integral part of the process.
A properly designed security approach will improve information collection, analysis and delivery. It also will minimize security-related interruptions and frustrations. And it will help protect your enterprise.
Know Your Risks
Both security and safety standards already recognize the link between safety and security risks.
Cybersecurity standard ISA/IEC 62443-1-1 mentions that security breaches can have consequences beyond compromised information. The standard states: “The potential loss of life or production, environmental damage, regulatory violation and compromise to operational safety are far more serious consequences. These may have ramifications beyond the targeted organization; they may grievously damage the infrastructure of the host region or nation.”
Functional safety standard IEC 61508-1 specifies that hazards associated with equipment and control systems must be determined under all reasonably foreseeable circumstances. The standard says: “This shall include all relevant human factor issues and shall give particular attention to abnormal or infrequent modes of operation of the EUC [end user computing]. If the hazard analysis identifies that malevolent or unauthorized action, constituting a security threat, as being reasonably foreseeable, then a security threats analysis should be carried out.”