Differences, similarities and argued similarities in between Lifecycle Management of Functional Safety and Industrial Cyber Security


The Lifecycle Management of Functional Safety (FSMS) in line with IEC 61511 and the Cybersecurity Management System (CSMS) in line with IEC 62443 share certain principles but also have significant differences, given their focus areas and objectives. Below is a comparison based on differences, similarities, and argued similarities.

Differences:

1. Objective and Focus:

  • FSMS (IEC 61511): Focuses on the prevention of hazardous events by ensuring that safety instrumented systems (SIS) perform their intended safety functions to mitigate process risks. Its primary objective is to protect people, the environment, and assets from the consequences of failures in industrial processes.
  • CSMS (IEC 62443): Aims to protect industrial control systems (ICS) from cyber threats. Its primary objective is to secure operational technology (OT) environments against cyber incidents that could result in operational disruptions, data theft, or sabotage.

2. Risk Criteria:

  • FSMS: Based on safety integrity levels (SIL) which determine the required risk reduction and reliability of safety systems to meet target risk thresholds.
  • CSMS: Cyber risk is assessed based on confidentiality, integrity, and availability (CIA) of systems, with risk reduction strategies addressing potential vulnerabilities and threat vectors.

3. Lifecycle Phases:

  • FSMS: Phases include hazard and risk assessment, SIL determination (risk magnitude and mitigating countermeasures assessed per individual process function, followed by analysis of each process system and its sub-system nodes), safety requirement specification (SRS), design and implementation of the SIS, operation, maintenance and periodic testing, and decommissioning.
  • CSMS: Includes risk assessment, security requirements definition, SL determination (risk magnitude and mitigating countermeasures assessed per zone and conduit with the control system architecture in view, followed by analysis of the Industrial Control System network architecture and a layered approach to defense centered on the ICS/IACS and its components: network components, hardware, software, configurations, and lifecycle obsolescence and upgrades), design and implementation of security controls, continuous monitoring, incident response, and maintenance of the security posture throughout the system's lifecycle.

4. Standards Applicability:

  • FSMS: Specifically applies to functional safety systems in the process industries, ensuring they meet the performance required to mitigate the process hazards identified per process function and safety interlock.
  • CSMS: Applies to industrial cybersecurity for all Industrial Control Systems and sub-systems, extending beyond process-level functional safety systems to the broader Industrial Control System landscape, where protection needs are identified by the security levels defined for zones and conduits, and defenses are applied according to the severity of those security levels.

5. Failure Mode and Consequences:

  • FSMS: Focuses on random hardware failures and systematic failures that could lead to hazardous scenarios compromising personnel safety, causing environmental consequences, or resulting in asset and reputation loss; safety functions are often required to take control automatically and independently.
  • CSMS: Focuses on deliberate cyberattacks, insider threats, and unauthorized access that could compromise system operations or safety.

Similarities:

  1. Risk-Based Approach: Both FSMS and CSMS follow a risk-based approach. In FSMS, risks are identified through hazard analysis, and in CSMS, risks are assessed based on potential cybersecurity threats and vulnerabilities (threat intelligence is one of the indicators). Each management system implements controls or protections based on the assessed risks.
  2. Lifecycle Management: Both standards emphasize lifecycle management, requiring structured phases from risk assessment through conceptualization, design, implementation, testing, and ongoing maintenance to ensure continued effectiveness. From a lifecycle point of view it should be noted that, with the exponential evolution of technologies (whether through transformation or disruption), increasing hyper-connectivity, and new horizons of machine intelligence and leveraged capabilities, cybersecurity risks are increasing at the same rate. Hence, as with functional safety, it is not just a matter of maintaining the lifecycle well as defined; for cybersecurity the challenge is that today's countermeasure, assessed against the current risk scenario, might not stand over time and may need to be revamped as evolved technologies are adopted, while threat intelligence is monitored closely so as to remain in a "current state" of awareness, re-assessment, and hardening that is fit for purpose, considering the fact that an asset, plant, or critical infrastructure cannot be rebuilt again and again. Hence brownfield consideration is one of the keys to managing the lifecycle.
  3. Continuous Improvement and Monitoring: Both frameworks require continuous monitoring and management of systems. In FSMS, safety performance must be regularly tested and maintained, while in CSMS, cybersecurity vulnerabilities and threat intelligence must be monitored and addressed throughout the system's operational life.
  4. Stakeholder Involvement: Both systems require collaboration between different stakeholders, such as engineers from multiple disciplines (process, operations, instrument and control, electrical), IT professionals, and of course asset owners and management, to ensure that functional safety and cybersecurity risks are adequately managed.
  5. Compliance and Auditing: Both standards emphasize the need for compliance, documentation, and auditing to ensure that safety and security controls are maintained throughout the system lifecycle. ISO 9000 can serve well as one of the established documentation pillars of an organization to further enhance and formalize the functional safety and industrial security lifecycles as defined in IEC 61511 and IEC 62443.

Argued Similarities:

  1. Common Goal of System Integrity: While FSMS focuses on functional safety and CSMS focuses on cybersecurity, both are fundamentally concerned with ensuring the Availability and Integrity of systems, with Confidentiality as an additional priority. This is often considered an argued similarity, as both systems ensure that process industry systems function correctly: FSMS from a hazard prevention standpoint and CSMS from a cyber threat prevention perspective. As the SANS ICS Leadership Poster "ESTABLISHING THE ICS CYBERSECURITY PROGRAM" puts it, the narrative is not just CIA vs. AIC but CIA vs. SIAC (Safety, Integrity, Availability, Confidentiality).
  2. Incident Response: Both FSMS and CSMS have a similar approach to incident response. FSMS involves safety functions being triggered to bring a process to a safe state, while CSMS involves the detection of security breaches and the initiation of corrective actions. Both are crucial to mitigating the impact of incidents. When it comes to incident response management, depending on the complexity of cyber incidents and the nature of the hazards and losses involved in critical infrastructure, response management plans are also taking new horizons by enhancing the processes and proceedings of existing response/control centers to include cyber threat scenarios, mock drills, tabletop exercises, etc.
  3. Risk Reduction through Controls: The idea of layered risk reduction is a common approach in both systems. In FSMS, Safety Instrumented Functions (SIFs) are designed to mitigate risk by acting as a protection layer in the event of process deviations. In CSMS, defense-in-depth strategies protect against cybersecurity risks through multiple layers of security controls.
  4. Safety and Security Convergence (Safe-Sec convergence): Convergence of safety and security is increasingly recognized. While IT-OT convergence is one of the most debated topics across industries and critical infrastructure, it is now time to recognize and aggressively leverage "Safe-Sec convergence", especially in OT environments where a cybersecurity incident could compromise functional safety. There is growing awareness that an attack on an industrial system could lead to safety consequences, which bridges the gap between the two disciplines. Hence, it is not just a matter of "fail-safe" by design; it is time to conceptualize, engineer, and design with "attempt to fail-safe by design" in mind, which is possible only by taking a holistic approach rather than considering the COTS Industrial Control System and its associated components alone.
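To make the layered risk reduction point (item 3 above) and the SIL/SL determination phases under Differences concrete, here is an added Python example; it is not part of the article and not taken from the text of IEC 61511 or IEC 62443. On the safety side it performs a LOPA-style pass that credits independent protection layers before deciding which SIL the remaining SIF must meet; on the security side it checks a zone's achieved security level vector against its target, per foundational requirement. The SIL bands are the IEC 61511 low-demand PFDavg bands; the initiating-event frequency, layer PFDs, tolerable frequency and SL vectors are constructed figures, and the function names are mine.

```python
"""Layered risk reduction made numeric for both disciplines.

Added example, not from the article or from IEC 61511 / IEC 62443 text.
Safety side: a LOPA-style pass that credits independent protection layers
(IPLs) before deciding which SIL the final SIF must achieve.
Security side: a zone's achieved security level vector (SL-A) checked
against its target vector (SL-T) per foundational requirement.
All numeric inputs below are constructed for illustration.
"""
from typing import Dict, Optional, Sequence, Tuple

# IEC 61511 / IEC 61508 low-demand-mode PFDavg bands: SIL n covers
# 10**-(n+1) <= PFDavg < 10**-n. Risk reduction factor RRF = 1 / PFDavg.
SIL_BANDS: Dict[int, Tuple[float, float]] = {
    1: (1e-2, 1e-1),
    2: (1e-3, 1e-2),
    3: (1e-4, 1e-3),
    4: (1e-5, 1e-4),
}

# IEC 62443-3-3 foundational requirements, in the order used for SL vectors.
FR_NAMES = ("IAC", "UC", "SI", "DC", "RDF", "TRE", "RA")


def required_sif_rrf(initiating_freq: float, ipl_pfds: Sequence[float],
                     tolerable_freq: float) -> float:
    """Risk reduction the SIF must still provide after crediting the IPLs.

    initiating_freq: initiating events per year (e.g. a BPCS loop failure).
    ipl_pfds: PFD of each independent, non-SIF layer (alarm plus operator
              response, relief valve, ...). Layers multiply because they
              are assumed independent; that is the 'layered' part.
    tolerable_freq: tolerable frequency of the hazardous event per year.
    Returns 1.0 when the IPLs alone already meet the target (no SIF needed).
    """
    mitigated = initiating_freq
    for pfd in ipl_pfds:
        if not 0.0 < pfd <= 1.0:
            raise ValueError("PFD must be in (0, 1]")
        mitigated *= pfd
    if mitigated <= tolerable_freq:
        return 1.0
    return mitigated / tolerable_freq


def sil_for_rrf(rrf: float) -> Optional[int]:
    """Map a required RRF to the SIL whose PFDavg band contains 1 / rrf.

    Returns 0 when rrf < 10 (below SIL 1; a non-SIL layer may suffice) and
    None when rrf > 1e5 (beyond SIL 4: redesign the process rather than
    rely on a single SIF).
    """
    if rrf <= 1.0:
        return 0
    pfd = 1.0 / rrf
    if pfd >= SIL_BANDS[1][1]:
        return 0
    for sil, (low, high) in SIL_BANDS.items():
        if low <= pfd < high:
            return sil
    return None


def sl_gap(sl_target: Sequence[int],
           sl_achieved: Sequence[int]) -> Dict[str, Tuple[int, int]]:
    """Return the foundational requirements where SL-A falls short of SL-T.

    Both vectors are 7-tuples of levels 0..4 in FR_NAMES order. An empty
    dict means the zone meets its target on every FR.
    """
    if len(sl_target) != 7 or len(sl_achieved) != 7:
        raise ValueError("SL vectors have exactly 7 entries (FR1..FR7)")
    for level in (*sl_target, *sl_achieved):
        if level not in range(5):
            raise ValueError("SL levels are 0..4")
    return {fr: (t, a) for fr, t, a in zip(FR_NAMES, sl_target, sl_achieved)
            if a < t}


if __name__ == "__main__":
    # Constructed scenario: high-pressure excursion in a vessel.
    initiating = 0.5     # BPCS control failure, events/year (constructed)
    ipls = [0.1, 0.01]   # alarm + operator response, relief valve (constructed)
    tolerable = 1e-6     # tolerable event frequency, events/year (constructed)
    rrf = required_sif_rrf(initiating, ipls, tolerable)
    print(f"Residual RRF for the SIF: {rrf:.0f} -> SIL {sil_for_rrf(rrf)}")

    # Constructed zone: SL-T of 2 on every FR, two FRs not yet achieved.
    target = (2, 2, 2, 2, 2, 2, 2)
    achieved = (2, 2, 1, 2, 2, 2, 1)
    print("SL shortfalls per FR:", sl_gap(target, achieved))
```

The two halves mirror each other deliberately: on the safety side the layers are credited multiplicatively and the residual gap is expressed as the SIL a single SIF must carry, while on the security side the gap is expressed per foundational requirement, because a zone that meets its target on six requirements and misses on system integrity or resource availability still does not meet its SL-T.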

Conclusion:

While FSMS (IEC 61511) and CSMS (IEC 62443) focus on different aspects of risk management (functional safety vs. cybersecurity), both share foundational elements in risk-based approaches, lifecycle management, and the importance of continuous monitoring. Their differences lie primarily in their scope i.e. FSMS in preventing hazardous process events and CSMS in defending against cyber threats, but their methodologies can complement each other, particularly in industrial environments where safety and security are intertwined.


More articles by Amit Singh
