Merging Functional Safety and Cybersecurity in Industrial Control Systems
The convergence of operational technology (OT) and information technology (IT) offers a unified view of industrial automation control systems and streamlines communication among personnel and the technologies — like machines, switches and sensors — they interact with.
This convergence, however, also brings a complication: more connected devices lead to more vulnerable technology. That’s why the trend toward more interconnectedness requires more robust digital security measures.
In this merging of digital and physical worlds, the risks to safety-critical devices escalate unless adequate cybersecurity protection frameworks are in place. That’s why it’s crucial for industrial control systems to prioritize safety and security from the outset.
The challenges to designing such control systems include navigating the complexities of legacy systems, balancing new product functionality with security needs and managing costs associated with design changes.
Parallel development of OT and IT safety and security
Integrating functional safety with cybersecurity in parallel brings advantages due to their similarities and synergies. Standards are designed to allow for simultaneous development and similar methodologies in both fields, facilitating faster compliance and reducing time to market.
Many regulatory updates now mandate dual evaluations for functional safety and digital security — such as IEC 61508, ISO 13849 and ISA/IEC 62443 — highlighting the necessity of expertise in both areas. This alignment strengthens system resilience against new threats and enables thorough compliance.
The process industry serves as a good example of design considerations that address both safety and cybersecurity. Consider a company that creates high-purity specialty materials in high-temperature environments. Workers operate electrified furnaces that run at several thousand degrees, as well as critical equipment such as digitally controlled lasers, compressed air-driven devices and thousands of distributed valves, pumps and motors. As companies add tools and devices to transform operations and improve functional safety, they face the increased risk of cyber threats targeting the very tools their workers use.
Using integrated processes that align with prevailing industry standards is essential to minimize risks and confirm that products adhere to both safety and cybersecurity regulations. Using frameworks like the Purdue Model for industrial automation (which helps segregate system networks and manage data flow securely) is recommended for structuring security architecture effectively.
Early integration of safety and security
To help ensure manufacturers adopt comprehensive strategies that involve early integration of safety and security considerations, UL Solutions safety science experts provide training, testing, inspection and certification. These experts act as a pivotal resource for manufacturers across various industries who wish to conform to global safety regulations while strengthening industrial systems against cybersecurity vulnerabilities.
Get more information from UL Solutions related to integrating functional safety and cybersecurity.
Nicholas Alexiades, is global operations and business leader for autonomy, functional safety and cybersecurity at UL Solutions.
