S84.01 and Security A Users Perspective

1
S84.01 and Security A Users Perspective

• Vic MaggioliFeltronics Corp.

2
Users Perspective

• Experience
• Large Chemical Co.
• Government Nuclear Facility
• Security
• Fair to Good
• Good to Excellent
• Conclusion
• Pre-9/11 Operating facility function
• Post-9/11 Require analysis, may require
  modification

3
S84.01

• Process Sector
• Functional Safety
• OSHA 1910.119
• IEC 61508
• IEC 61511

4
Typical control system including BPCS, SIS, HMI,
and networking components
5
SIS SIF Relationship
SIF (A) SIL I
LT15, PT20, FT4
SIF (A) SIL I
FV43, FV 4
XV 13, XV 14
SIF (B) SIL II
Logic Solver 1
IT38A PT37A
XV 11, XV 12
SIF (B) SIL II
XV 9
IT38A PT37A
SIF (C) SIL III
XV 10
PT39A PT31A
Logic Solver N
SIF (C) SIL III
PT31B PT39B
SIS
6
S84.01 Security Attributes

• Safety life cycle
• MOC (OSHA 1910.119)
• Facility management
• Separation
• SIS/SIF identification
• Limited BPCS/SIS coupling
• Common mode reduced
• SIL robustness
• Redundancy
• Good engineering practices (PIU)

7
Safety Life Cycle
8
Potential Security Limitations

• Safety lifecycle
• Post 9/11 security not included
• Security from poor engineering practices
• Documentation and distribution
• H RA
• P I diagram
• Logic diagrams

9
Potential Security Limitations (cont.)

• Existing engineering practices

Typical risk reduction methods found in process
plants
10
Potential Security Limitations (cont.)

• Risk reduction techniques (security weighting)

Example Risk-based SIF safety integrity level
11
SIS Security Limitations (cont.)

• Device identification (sensors, FEs)
• Technology
• Semiconductor
• Networking
• Programmable

12
Potential Security Upgrades

• Change technology (E/E vs. PE)
• Glass replace metallic conductors
• Increase signal to noise ratio
• Use EMP installation techniques
• AIB (approved independent backup)

13
SIS Security Problem

• H RA identify(s) major hazard(s)
• H RA identify(s) protection layer(s)
• H RA leaves security to the operating facility
• SIL defines risk reduction
• Documentation availability
• Security related technology impact on operability

14
Security Environment Today

• National
• Process sector addressing
• All security aspect of operation facility
• National focus (e.g., ISA, AIChE, IEEE)
• International
• IEC 61508 addressing security
• Considering
• Adding threat analysis in SLC
• Threat SILs (TSIL)
• Separate
• Security related software
• Safety related software
• Identify sender
• TSIL 2

15
Possible Path Forward
SP84
Existing security standards
Others
Evaluate security change
IEC 61508
National security SP99
Define if security adequate
Integrate into appropriate functional safety
standards
Yes
No
Upgrade S84.01 as required
Develop security guideline