IEC 61511-1 Clause 15 and Cyber Security

Safety instrumented system safety validation (IEC 61511-1 Clause 15) is to validate, through inspection and testing, that the installed and commissioned SIS and its associated SIFs achieve the requirements, as stated in the Safety Requirements Specification.

The results of the safety instrumented system validation, including discrepancies between expected and actual results, the analysis made, and any decisions made regarding whether to continue the validation or to issue a change request and return to an earlier part of the development lifecycle.

As the process control networks are now more commonly connected to the corporate network, being via Firewalls and hardened network security, protecting the vital digital infrastructure against cyber-attacks also ensures safe operations and optimal production regularity.

Safety critical control systems are developed with respect to reliability requirements, often following a reliability standard IEC 61508. While this not a strict requirement for the SIS validation, however cyber security is an important component in functional safety. Malicious intrusion, either human or malware, can induce hazards, and/or inhibit the proper operation of safety functions.

IEC 61508-1 Section 7.4 Hazard and Risk Analysis, Clause 7.4.2.3  -  The hazards, hazardous events and hazardous situations of the EUC and the EUC control system shall be determined under all reasonably foreseeable circumstances (including fault conditions, reasonably foreseeable misuse and malevolent or unauthorized action). This shall include all relevant human factor issues, and shall give particular attention to abnormal or infrequent modes of operation of the EUC. If the hazard analysis identifies that malevolent or unauthorized action, constituting a security threat, as being reasonably foreseeable, then a security threats analysis should be carried out.

IEC 61508-1 Section 7.5 Overall Safety Requirements Clause 7.5.2.2   -  If security threats have been identified, then a vulnerability analysis should be undertaken in order to specify security requirements.

IEC 61511-1:2016 Clause 8.2.4  -  A security risk assessment shall be carried out to identify the security vulnerabilities of the SIS.

IEC 61511-1:2016 Clause 11.2.12  -  The SIS design shall provide the necessary resilience against the identified security risks.

The SIS security risk assessment is included within the overall process automation security risk assessment.

To conclude cyber security is not explicitly listed as one of the 17 aspects of IEC 61511 SIS validation clause 15. This was subjected during the design and engineering clause 11 and 12 of the safety lifecycle. But due to the critically and its integrated nature, it would be good practice to include cyber security within the validation review and report.