Integrating Cybersecurity into the Functional Safety Lifecycle: A Journey through ISA-84

Cybersecurity is a critical aspect of ensuring the safety and reliability of industrial systems, especially those that involve hazardous processes or environments. However, cybersecurity is often treated as a discipline separate from functional safety, which is the systematic application of engineering and management principles to reduce the risk of accidents caused by failures or malfunctions of control systems. Treating the two separately leads to gaps, inconsistencies, and conflicts in the design, implementation, and operation of safety-related systems.

The ISA-84 standard provides a framework for applying the principles of functional safety to process industries. It defines the requirements and activities for each phase of the safety lifecycle, such as hazard identification, safety requirements specification, safety instrumented system design, verification, validation, installation, commissioning, operation, and decommissioning. The standard also addresses the management of functional safety, including organizational roles and responsibilities, competence, documentation, and audit.

One of the key challenges in integrating cybersecurity into the functional safety lifecycle is to align the objectives and methods of both domains. Functional safety focuses on preventing or mitigating the consequences of random hardware failures or systematic errors that can cause hazardous events. Cybersecurity focuses on preventing or mitigating the consequences of intentional or unintentional actions that can compromise the confidentiality, integrity, or availability of information or systems. Both domains share some common concepts and techniques, such as risk assessment, defense in depth, and verification and validation. However, they also have some differences and specificities that need to be reconciled and harmonized.

For example, functional safety relies on the concept of safety integrity level (SIL), a discrete level (1 to 4) defined by a target band of average probability of failure on demand (PFDavg) for low-demand safety functions, or of average frequency of dangerous failure per hour (PFH) for high-demand or continuous functions. Cybersecurity relies on the concept of security level (SL), an ISA/IEC 62443 level (also 1 to 4) that expresses the resistance of a zone or component to an attacker with a given set of means, resources, skills, and motivation. Both SIL and SL are assigned through a risk assessment that considers the likelihood and severity of hazards or threats and the effectiveness of protection layers or countermeasures. However, SIL and SL are not directly comparable or interchangeable: a SIL is backed by a quantitative failure-probability target that can be verified from failure-rate data, whereas an SL is a qualitative target assigned per zone, and the fact that both use the numbers 1 to 4 does not make a SIL 3 function "SL 3".
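To make the asymmetry concrete, the following Python is an added illustration (not code from the article or from ISA): it computes PFDavg for a single-channel (1oo1) and a redundant (1oo2) safety function using the simplified low-demand equations from IEC 61508-6 and maps the result to a SIL band. The equations are simplified by assumption: diagnostic coverage, repair times, and detected-failure terms are omitted, and the failure rate and proof-test interval are constructed example figures. There is deliberately no corresponding function that derives an SL, because an SL is assigned to a zone from a threat assessment rather than computed from failure data.

```python
"""Simplified low-demand PFDavg calculation mapped to SIL bands.

Added illustration, not code from the article. Uses the simplified
IEC 61508-6 low-demand equations, which (by assumption here) ignore
diagnostic coverage, detected failures and repair time.
"""

# Low-demand SIL bands (PFDavg ranges) from IEC 61508-1 / IEC 61511.
# Each band is [lower, upper).
SIL_BANDS = {
    4: (1e-5, 1e-4),
    3: (1e-4, 1e-3),
    2: (1e-3, 1e-2),
    1: (1e-2, 1e-1),
}


def _check(lambda_du: float, ti_hours: float) -> None:
    """Reject inputs that would silently produce a meaningless PFD."""
    if lambda_du < 0 or ti_hours <= 0:
        raise ValueError("lambda_du must be >= 0 and ti_hours > 0")


def pfd_1oo1(lambda_du: float, ti_hours: float) -> float:
    """PFDavg for a single channel: lambda_DU * TI / 2.

    lambda_du: dangerous undetected failure rate, per hour.
    ti_hours:  proof-test interval, in hours.
    """
    _check(lambda_du, ti_hours)
    return lambda_du * ti_hours / 2.0


def pfd_1oo2(lambda_du: float, ti_hours: float, beta: float) -> float:
    """PFDavg for a 1oo2 voted pair with common-cause factor beta.

    Simplified form: ((1-beta)*lambda_DU*TI)^2 / 3 + beta*lambda_DU*TI / 2.
    The second term is the common-cause contribution; once the
    independent term is small it is what limits the achievable SIL.
    """
    _check(lambda_du, ti_hours)
    if not 0.0 <= beta <= 1.0:
        raise ValueError("beta must be in [0, 1]")
    independent = ((1.0 - beta) * lambda_du * ti_hours) ** 2 / 3.0
    common_cause = beta * lambda_du * ti_hours / 2.0
    return independent + common_cause


def sil_from_pfd(pfd: float) -> int:
    """Map a PFDavg to its low-demand SIL band; 0 means no SIL claim."""
    for sil, (lower, upper) in SIL_BANDS.items():
        if lower <= pfd < upper:
            return sil
    return 0


def risk_reduction_factor(pfd: float) -> float:
    """RRF = 1 / PFDavg, the figure LOPA teams usually ask for."""
    if pfd <= 0:
        raise ValueError("pfd must be > 0")
    return 1.0 / pfd


if __name__ == "__main__":
    # Constructed example figures: lambda_DU = 1e-6 /h, yearly proof test.
    lam, ti = 1e-6, 8760.0
    single = pfd_1oo1(lam, ti)
    pair = pfd_1oo2(lam, ti, beta=0.05)
    print(f"1oo1: PFDavg={single:.2e} RRF={risk_reduction_factor(single):.0f} "
          f"SIL{sil_from_pfd(single)}")
    print(f"1oo2: PFDavg={pair:.2e} RRF={risk_reduction_factor(pair):.0f} "
          f"SIL{sil_from_pfd(pair)}")
    # No sl_from_pfd() exists on purpose: an IEC 62443 SL is a target
    # assigned to a zone from a threat assessment of attacker capability,
    # not a quantity derived from failure rates.
```

With the constructed figures the single channel lands in the SIL 2 band and the 1oo2 pair in SIL 3, and raising beta shows the common-cause term pulling the pair back toward SIL 2. None of this says anything about how hard either architecture is to attack, which is the point of keeping SIL and SL separate.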

Another challenge in integrating cybersecurity into the functional safety lifecycle is to ensure that cybersecurity measures do not degrade functional safety performance, or vice versa. For example, adding encryption or authentication to a safety communication network may raise the security level but also introduce additional latency or complexity that can affect the response time or availability of the safety function. Conversely, implementing a bypass or override to allow manual intervention during a cyberattack weakens the security posture, because the bypass itself becomes a target, while it can improve safety by providing an alternative means of control. Each such trade-off has to be assessed explicitly rather than left as an unstated side effect.


Therefore, it is important to conduct a holistic analysis of both functional safety and cybersecurity aspects throughout the lifecycle phases and ensure that they are consistent and compatible with each other. This requires close collaboration and coordination among different stakeholders involved in the design, implementation, operation, and maintenance of industrial systems. It also requires continuous monitoring and improvement of both functional safety and cybersecurity performance based on feedback from incidents, audits, tests, and inspections.

Integrating cybersecurity into the functional safety lifecycle is not only a necessity but also an opportunity to enhance the overall security and reliability of industrial systems. The International Society of Automation (ISA) has developed a series of standards and technical reports to address the specific needs and challenges of functional safety in IACS. One of these documents is ISA-TR84.00.09-2024 Part 1, the technical report on Cyber Security Related to the Safety Lifecycle. This technical report provides guidance on how to implement cybersecurity within the IEC 61511 and ISA-84.00.01-2004 lifecycle.

Safety Instrumented Systems (SIS) are a crucial aspect of safeguarding the process industry, offering one protective layer against various hazards to minimize risks. These systems are part of a broader safety infrastructure that includes instrumented and non-instrumented systems managing alarms, interlocks, controls, and more.

Traditionally, process hazard analysis (PHA) did not factor in potential cyber threats that could result in safety incidents. However, as industrial automation and control systems (IACS) have become targets for cyberattacks, especially those governing Process Safety Controls, Alarms, and Interlocks (PSCAI), there is an increased need to account for cybersecurity risks. These risks, particularly when IACS are interconnected with other business systems, could lead to shared system failures or other safety incidents.

Thus, it is crucial to consider cybersecurity across the entire safety lifecycle, including the layers involving SIS. This necessity is echoed in the ISA-84.00.09-2023 technical report, aiming to assist the reader in understanding the significance of, and the means to, integrate cybersecurity within the overall safety lifecycle.

The report provides guidelines on how to design, implement, and maintain PSCAI securely. It also notes that achieving a high security protection rating (SPR) may come at the cost of user convenience. The central intent of the document is to integrate the cybersecurity and safety of PSCAI systems within IACS by balancing the ISA-84 and ISA/IEC 62443 series of standards.


Integrated lifecycle:

Cyber security lifecycle integrated with process safety management

Effective cybersecurity for industrial facilities requires integrating it throughout the entire safety lifecycle. The work process must account for all phases, from initial design to eventual decommissioning. Safety and cybersecurity teams need to collaborate across this lifecycle to identify and mitigate shared risks. While standards like IEC-61511, ANSI/ISA-61511, and ANSI/ISA-62443 provide frameworks, the integration journey is unique for each organization. Open communication and unified risk management among cross-functional teams is essential. By bringing safety and cybersecurity together from the start, industrial facilities can build true resilience against emerging digital threats. Ultimately, this is about creating a culture of security-informed safety to protect both people and production.

Safety Vs Cybersecurity Considerations

Table 1 contrasts IACS cybersecurity with elements of process safety across selected phases of the safety lifecycle.



Key considerations for ensuring cyber security in the safety lifecycle:

  • Develop a plan with appropriate detail regarding cybersecurity.
  • Update organizational policies and procedures to address cybersecurity considerations, implement and enforce the concept of least privilege in access management, and integrate cybersecurity with the safety lifecycle using the relevant industry standards.
  • Conduct audits on a regular basis to evaluate compliance and identify gaps that need to be rectified.
  • Implement configuration management that includes current documentation of the architecture, hardware and software inventories, and configuration settings.
  • Maintain business continuity and emergency response plans that address cyber events and are integrated with existing systems.
  • Treat the maturity level associated with each zone as an assumption at the design stage; actual maturity levels can only be determined from experience gained and measured in actual operation and maintenance.

Conclusion:

Integrating cybersecurity into the functional safety lifecycle is not only a best practice but also the guidance given in the ISA-84.00.09:2023 technical report, which describes how to identify, assess, and mitigate cyber threats to safety instrumented systems (SIS) and other safety-critical applications. By following the considerations outlined in this article, you can make your SIS more resilient against cyberattacks while it continues to perform its intended function of preventing or mitigating hazardous events. Cybersecurity is not a one-time activity but a continuous process that requires regular monitoring, testing, and updating of the SIS and its components. A holistic approach to cybersecurity and functional safety improves the reliability, availability, and integrity of the SIS and protects people, assets, and the environment from harm.



Raimo Rahkonen

OT Digitalization Evangelist at Remuscon Oy / Domain Specialist for Cybersort

3 weeks

A good summary Manjunath Hiregange, thank you for sharing! A clear problem in the workflow is the lack of cyber design before cyber security issues shall be assessed. (Not to speak about the applications in, or in the context of, assets not considered to be part of SIS.) The design of the physical is included well before risks are assessed; the equipment and systems are typically designed at the primary process interface level without knowledge of the secondary and diagnostics signals or the structure and components in the applications.

Ranjni Joshie

Top Cyber Voice 2024 | Sustainability Champion 2024 | Cybersecurity Champion 2024 | Cloud Risk Champion 2023 | OT-ICS-IACS Cybersecurity Rail Critical Infrastructure | AWS Cloud Security | W3-CS | Quality Assurance Lead

3 weeks

Very informative Manjunath Hiregange

Dr. Kaliappan Perumal, PhD

Joint Director/Consultant and Trainer in Smart Grid Cybersecurity, ISMS/ISO 27001:2022, OT Cybersecurity, OT/ICS/IoT/IIoT in Power Sector-NIST SP 800-82, NERC CIP, IEC 62443, IEEE 1686:2022, IEC 62351, IEEE 1547.3

3 weeks

Very informative

Spot on! Cybersecurity and functional safety go hand in hand—treating them separately just creates risks. Integrating both from the start is the way to go!
