During a business trip years ago to visit an automation supplier in Germany, one of their engineers made the point that “safety” and “security” are the same word in German: Sicherheit. His point was, despite them being said the same in German and several other languages, we really needed to remember that they were two different concepts and needed to have separate consideration.
Well, it seems we’ve come full circle. Despite safety and security being distinct words in English, we really need to start putting them together in our thoughts of plant integrity. They share a lot of similarities, and the effects of one are often intertwined with the effects of the other.
This has been a common theme at Schneider Electric’s Global Automation Conference this week in Dallas, repeated from a variety of perspectives. With the launch of the Tricon CX, Schneider executives pointed repeatedly to the world’s first joint safety and security certification from TUV. In his discussion of the new compact safety system, Mike Chmilewski, vice president of process systems offer management for Schneider Electric’s process automation business, emphasized the importance of that joint certificate and the need to start thinking about safety and security in a more tandem way so they can really work together.
The fact that both TUV and Exida are now issuing certificates that have both safety and security certifications on them is “a huge step forward,” said Scott Mourier, global process automation SIS expertise area leader for Dow Chemical.
Mourier took the stage during a special safety and security general session on Wednesday as the safety expert. Andre Ristaino, head of ISASecure, served as his security counterpart. Together, the two explained repeatedly the value of looking at security from a safety standpoint, and vice versa.
Process industries are steeped in safety culture, primarily because, when things go wrong, the consequences tend to be particularly severe. Things explode. Toxins are spread. People die. The list goes on.
Industry has seen its share of mishaps. “Industry has learned, unfortunately, through accidents and incidents,” Mourier noted.
After Mourier listed the steps that need to be taken for manufacturers to make sure they understand what could go wrong—such as starting with the process design, which will then drive identification of the hazards—it was Ristaino’s turn to talk about security.
“If you took the word ‘safety’ and substituted ‘security,’ you’d pretty much be there,” Ristaino commented. “The safety lifecycle is very similar to the security lifecycle.”
One key difference, though, is that security doesn’t have the same level of maturity in the industry that safety does. It’s been 35 years of learning for safety, and part of the hope is that the industry won’t have to spend 35 years making all the same mistakes with security.
“We’re in the early phases of the maturity lifecycle for security,” Ristaino commented. “It’ll come faster for us. It won’t be 35 years.” Urgency is one reason for that, he added, but also they have an opportunity to learn from safety.
Steve Elliott, senior offer director for Schneider Electric’s process automation offerings, and also moderator for the conversation with Mourier and Ristaino, emphasized how important it is to keep safety and security together in discussions of operational integrity. “These two things are actually stronger together. They’re more similar than they are different,” he sais. “We need to make sure we’re making the same commitment to security that we made to safety.”
Elliott also noted how easy it is for a security incident to become a safety incident. The most dangerous situation, Ristaino said, can be a perceived security incident that perhaps isn’t real. “People start pushing buttons and pulling levers,” he said, and cause a safety upset.
And when a security issue is real, it’s no less damaging to safety. “Cybersecurity incidents can relate directly to process safety incidents,” said Josh Carlson, systems cybersecurity manager at Schneider Electric, during a private conversation this week.
An example Carlson pointed to was an incident that took place in 2008 in which hackers used an Internet connection to explode an oil pipeline in Turkey—compromising the cameras and sensors used to monitor the pipeline, modifying the alarm management system to mute alarms, and creating pressure inside the line to cause the explosion.
“If you don’t do cybersecurity at all the levels,” Carlson warned, “bad things can happen.”
Talking about the interconnection of process safety and cybersecurity can not only help people understand that cybersecurity incidents can relate directly to process safety incidents, but can also help them make more sense of cybersecurity efforts.
“They have very similar methodologies,” Carlson said. So rather than try to reinvent the wheel, security can follow a similar lifecycle through the process to safety, including risk assessment, threat analysis, implementing mitigating factors, maintaining and monitoring, and reassessing on a regular basis.
“What I think it’s doing is peeling back the onion and taking the black box of security away; it’s making it a manageable process that people can work with,” Carlson said. “They’re already trained in how to do safety. It’s just a repetitive process. Now, how do I do cybersecurity? It makes it a lot more manageable and tolerable to take that on.”
