Boudreaux. “But I think security is likely to move faster than safety did.”

Ditto for Eric Byres, chief technology officer at Byres Research, now part of exida. Byres says he has noticed a recent change lately in the pace of cyber-security standards development. “ISA99 has really started to get a head of steam behind it. There’s more rigor going into the way that security standards are being developed there, and I think that’s because of this transfer of good safety practices into security,” he ventures.

For his part, Byres says he even expects to see some “new mathematical techniques” developed to deal more effectively with some of the vagaries of the cyber-security field. “All of the math in the safety world is very probabilistic,” he notes, an approach that won’t work with security. But by borrowing from other fields—maybe computer software and aviation, for example—security practitioners may be able to develop better mathematical models for looking at control-system cyber threats, Byres believes. “It’s not just simply taking everything from safety and applying it directly to security. We have to modify it to make it work.”

No matter what the ultimate outcome, current efforts to more closely model and align cyber security with well-established functional safety standards and practices are nearly certain to produce positive results, concludes Eric Cosman, engineering solutions information technology (IT) consultant at The Dow Chemical Co., in Midland, Mich., who co-chairs the ISA99 committee with Singer.

“I don’t claim to be a definitive expert in that area, but I do know that there are people like Bryan [Singer] and others who are determined to press this concept as far as it will possibly go,” says Cosman. “And there are other people who are skeptical about how far we’ll be able to go with this, because unlike with safety, you can’t statistically predict what a determined adversary is going to do.”

But Cosman says he is personally unconcerned with all of that. One of the biggest benefits, he believes, will come from engaging safety experts and taking advantage of all that they’ve learned during the past 10 to 20 years. “As we engage them, we as an industry will find out how far this model will take us, as applied to security,” Cosman notes. “And even if we run into a brick wall down the road, we’re still going to be further ahead than we are today.”

For more on cyber security and safety, see “Cyber Security = Safety. Get It?” at www.automationworld.com/feature-5823.

Subscribe to Automation World's RSS Feeds for Feature Articles