|
Acknowledging Differences, Aligning Abilities
The Convergence of Safety and Security
“If we're going to talk about safety and security, we have to think about what they are in the industrial context,” says Bradford H. Hegrat, CISSP, critical infrastructure security consultant at Rockwell Automation. From the security professional's perspective, security has two sides: enterprise and critical infrastructure, which includes industrial control systems, distributed control systems, and supervisory control and data acquisition (SCADA) systems. According to Hegrat, the big difference between the two is the safety element. From an enterprise security perspective, safety is not a concern; on the flip side, safety is a key concern for critical infrastructure. “In and of itself, safety has never been looked at from a truly holistic, top-down perspective,” says Hegrat.
Safety is typically concerned with machine-level safety. The goal is to prevent someone from getting his or her fingers caught in a machine or a vessel from being over pressurized. Therefore, the focus of safety systems has been particularized on small components or systems, and they rarely address the safety of a larger environment or overall control system.
“When you start talking about safety systems, you're really talking about a number of smaller systems that communicate with one another—or may not communicate with one another,” explains Hegrat. And that can lead to a situation where unsafe conditions may occur without ever breaching the clipping levels for individual safety systems to engage... Read more
 Rewind and Fast Forward
The Ongoing Benefits of Standards
When asked where safety and security is going in respect to standards, the first thing Bryan Singer wants to do is to look back. “Let's rewind to the industrial safety arena,” says Singer, principal consultant for Kenexis Consulting Corporation and the co-chairman of the ISA99 standards committee on industrial automation and control systems security. “Originally, standards bodies looked for ways to improve safety on the shop floor,” he continues. “Then the government got involved as OSHA emerged. A problem was recognized—risk to operations, risk to health and human safety—so the standards bodies and government lined up. The ultimate result was that OSHA formally recognized the ISA84 standard as extensible practice on safety.”
Fast forward into the security arena.
Singer says that industrial cyber security was looked at as far back as 1999, but it really started gaining focus in 2001. According to him, the initial discussion coalesced around existing field level standards: “A lot of people said the field levels exist; why don't we just handle security like the field levels, because everything... Read more
** This is a sponsored newsletter from Rockwell Automation. All the content and sponsored links were provided by Rockwell Automaton and were not handled by the Automation World editorial staff. Here is our privacy policy with regard to sponsored links.
|
