Security for Safety: Why functional safety and cybersecurity belong together

Advancing digitalisation is making machines and systems more complex and more powerful, but also more vulnerable. In this networked world, functional safety and cybersecurity must go hand in hand to protect people, the environment and technology. But what do these two terms mean in concrete terms, and why are they inextricably linked?

Machines have a cybersecurity problem? In the past – and often still today – the reaction when experts report on cyber threats and incidents in the production environment has been one of incredulous amazement. The topic is now also an integral part of the lecture programme and stage talks at POWTECH TECHNOPHARM. IT security in connection with functional safety is becoming a highly charged issue.

If we compare the machinery of a processing plant with a city, then functional safety represents all the protective measures that protect people and the environment from technical risks. For example, an automatic traffic light system prevents traffic accidents by regulating the flow of traffic. If a traffic light fails, a safety system must intervene to avoid chaos or accidents. Applied to machines, this means that functional safety ensures that systems do not pose a hazard even in the event of internal faults, such as defective sensors or software errors. Standards such as IEC 61508 or ISO 13849-1 define how such safety measures must be implemented in order to reduce the risk to an acceptable level.

A practical example from industry: in a chemical plant, a pressure sensor measures the pressure in a reactor. If the pressure rises dangerously, the safety control automatically triggers a relief valve to prevent an accident. Functional safety ensures that this system also works reliably in the event of a fault.

Why is functional safety important for operators and manufacturers?

In a city, safety measures such as fire protection systems in buildings or bridge sensors to monitor stability ensure that people are protected and can go about their daily lives safely. The same applies to functional safety in industry.

• Protection of people and the environment: Malfunctions of technical systems can have serious consequences. For example, a defective valve in a refinery can cause dangerous gases to escape. Functional safety protects against such scenarios.
• Avoiding downtime: In a city, a power outage is not only inconvenient, but can paralyse entire infrastructures. Similarly, safety functions in systems prevent unplanned downtime by detecting and rectifying faults.
• Compliance with legal requirements: Just like building regulations for buildings, operators and manufacturers must comply with safety standards in order to have their machines approved. These requirements are described, for example, in the IEC 61508 or IEC 61511 standards.

What is cybersecurity and how is it related to functional safety?

Cybersecurity can be compared to a city wall and a security service designed to prevent unauthorised access to the city. Without protection, attackers could enter the city and carry out acts of sabotage, such as poisoning water sources or manipulating traffic control systems. In industry, cybersecurity – often also referred to as ‘OT security’ in production environments – protects against threats such as hacker attacks that could manipulate data or sabotage equipment. These attacks can directly endanger functional safety by overriding safety mechanisms.

For example, imagine an attacker manipulating the pressure sensors in a chemical plant so that false values are reported. The safety control system believes that everything is fine, even though the pressure is rising dangerously. Without functional safety combined with cybersecurity, such an attack could lead to a disaster.

How are risks assessed and what is ‘SIL’?

Determining the safety integrity level (SIL) is comparable to evaluating fire protection measures in a high-rise building: How likely is a fire, and how extensive would the potential damage be? The higher the risk, the stricter the protective measures must be.

In industry, this risk is evaluated using a risk matrix that has two dimensions: the probability of a fault occurring and the severity of the possible consequences. Based on this evaluation, the necessary SIL is determined, which ranges from SIL 1 (low requirements) to SIL 4 (highest requirements).

For example, in a reactor that works with hazardous chemicals, a pressure increase could lead to an explosion. Because the consequences are so serious, the pressure monitoring system must meet at least SIL 2 or SIL 3 to minimise the risk.

How can manufacturers and operators achieve security for safety?

To ensure that functional safety and cybersecurity work together, a systematic approach is needed – comparable to a security concept for a city that combines fire brigade, police and IT protection.

• Develop a holistic security concept: Safety and security should be planned together from the outset. An integrated approach prevents security measures from one discipline from endangering the other.
• Implement security by design: Just as a building is designed with burglar-proof doors, machines should be equipped with cybersecurity measures from the start. This helps to avoid weak points at an early stage.
• Introduce zone concepts: In a city, high-security areas (e.g. banks) are more heavily protected than public parks. Similarly, systems and machines should be divided into security zones to better protect critical components.
• Carry out regular reviews: Security measures must be continuously tested and adjusted as needed. In a city, this could mean regularly checking fire alarm systems or IT systems.

Conclusion: Functional safety and cybersecurity belong together!

In an interconnected world in which machines increasingly communicate with each other, it is no longer sufficient to consider only one of the two areas. An attack on cybersecurity can directly endanger functional safety – and vice versa. With an integrated security strategy, manufacturers and operators can ensure that their systems operate safely and efficiently, even in a changing digital landscape.

Combining functional safety and cybersecurity is therefore not an option, but a necessity – like a stable foundation and a secure door in a building. Together, they form the basis for a safe, reliable and future-proof industry.

At POWTECH TECHNOPHARM 2025, aspects of IT and OT security will be discussed as part of the Stage Talks. The topic is also on the programme of the it-sa IT security congress, which is also organised by NürnbergMesse.