(32a) Protecting Integrated Control and Safety Systems Against Cyber Threats

Over the past 30 years the chemical and petrochemical industries have been slowly adopting the concept of integrating their basic process control systems (BPCS) and safety instrumented systems (SIS) together.

There are several well-known advantages for moving toward and integrated approach such as improved communications, reduced engineering costs, and lowering overall system complexity for both operations and maintenance.

More recently, many popular industry standards such as ANSI/ISA-61511, Functional Safety - Safety Instrumented Systems for the Process Industry Sector and NFPA 85 Boiler and Combustion Systems Hazards Code have relaxed the restrictions of integration as long as the owner/operator can ensure there are no known compromises to the level of safety that the SIS is providing.

However, in the past 10 years, we are seeing a heightened level of concern with cyber threats, especially now as these systems are connected more than ever before with common communication buses, shared engineering workstations, HMI’s and connections to the world wide web.

This paper will describe an overview of the most common system integration architectures being used today and provide best practices concepts of what can be applied to ensure they remain robust against cyber threats regardless of what level is being applied.