Blog - exida explains

Dr. Eric Scharpf
Principal Partner

Gavin Strack, CFSE

Lead Control Systems Engineer, Sinclair Knight Merz

Babies, Bathwater, and Australian Safety Laws

Thursday, February 16, 2012

The old saying goes, “Don’t throw the baby out with the bathwater.” But it looks like a number of people in Australia may be in danger of doing just that with their response to the country’s newly harmonized health and safety laws.

Australia’s new Work Health and Safety Act says company officers “… must exercise due diligence to ensure that the person conducting the business or undertaking complies with that duty or obligation.” An organization also must ensure “workers and other persons should be given the highest level of protection against harm to their health, safety and welfare from hazards and risks arising from work … as is reasonably practical.”

So far, the…

Risk Communication

John Cusimano, CFSE
Director of Security Services

Outrage! Panic! Indifference?

Thursday, February 09, 2012

How should you react to news of PLC security vulnerabilities? 

Project Basecamp was an exercise conducted at the S4 Security Conference held last month in Miami, Florida.  At the event, six security researchers reported the security vulnerabilities they found while testing PLCs and field devices from several vendors.  With relative ease, the researchers were able to discover, verify and in many cases exploit basic weaknesses such as backdoors, weak or missing authentication, and buffer overflows.

Dale Peterson of Digital Bond, the organizer of the event, recently blogged asking, “Where is the outrage?” Dale had expected industry to…

Control System Security

Iwan van Beurden
Director of Software Engineering

Why am I not on “the list?”

Tuesday, January 17, 2012

Many will agree that exida's Safety Equipment Reliability Handbook (SERH) and the Safety Automation Equipment List (SAEL) are very useful tools for choosing products to use in safety instrumented systems. The SAEL shows a product's IEC 61508 and cyber security compliance information. In addition, the SERH has a full set of failure rate and failure mode data for each product. However, not every product on the market is included, so some may wonder why certain equipment, with published reliability data and/or IEC 61508 certification, is not listed in the SERH and/or SAEL. The reason is simple: the analysis and/or assessment done on the product does not meet exida's reasonability checks for listing the specific…

Functional Safety Certification

Dr. William Goble, CFSE
Principal Partner

2011…A Year in Review

Thursday, January 12, 2012

2011 was a good year in many ways for functional safety and cyber security. Several instrumentation products achieved IEC 61508 certification; exida Certification alone issued 64 product certifications (http://www.sael-onine.com).  With most certification projects, improvements to the design and quality are made, and some manufacturers are now quite focused on significant improvements to future products that should improve safety and reliability.  Innovation in automatic self-diagnostics also occurred in 2011.  The statistical analysis packages introduced last year in pressure transmitters are currently used to detect plugged impulse lines, and the technique is finding new diagnostic applications in detecting other failures.  I have seen more compliance voltage monitoring in transmitters, new methods for detecting sensor failures in transmitters, better partial valve stroke monitoring, and…

News

Iwan van Beurden
Director of Software Engineering

Make a list…and be sure to check it twice

Tuesday, December 13, 2011

Let me start by wishing everybody a Happy Holidays and Love, Health, Peace, and Safety for 2012. My 5-year old son is very excited about all the holiday decorations. As we celebrate Christmas in my family, we emphasize the birth of baby Jesus as the reason for Christmas, but, like any other child, he just can’t wait for Santa to come. Since my son has not been naughty this year, my wife and I told him to create a wish list that we could give to Santa. The last month or so I have been updating a notes file on my smart phone with every toy store visit. (Father and son apparently like to have documented evidence)

Last Tuesday, December…

Functional Safety Certification

John Yozalinas
Senior Safety Engineer

It Ought to be a Crime

Wednesday, December 07, 2011

There is no shortage of drivers who try to “beat the red light,” or roll through a stop sign.  I see it every day (luckily BEFORE they hit my side door).  Even though everyone knows, or should know the “rules of the road,” there are some folks who are in too much of a hurry, or they just blatantly ignore the rules.  There can be consequences for this misconduct, resulting in fines, equipment damage, or serious injuries.  But because they don’t get caught, drivers don’t realize how wrong they really are.

Product development is like traffic flow.  There are straightaways and turns, there are detours, and there are traffic lights.  Look at these traffic lights as pauses for milestone and…

Functional Safety Certification

Dr. William Goble, CFSE
Principal Partner

NEVER Use B10 Values for PFDavg Calculations

Thursday, November 17, 2011

The machine safety community has defined a number called the “B10 number.”  It is the number of operating cycles (often restated as a time at an assumed cycle rate) by which 10% of a population of devices is expected to have failed.  Generally it is a measure of expected end of life, or “useful life” as defined by the reliability engineering community.

The ISO 13849-1 functional safety standard for machinery control systems has defined equations directly relating the B10 number to an average random failure rate in the time period before end of life.  For any given application, the cycle rate is estimated and the “random failure rate” is calculated.  I heard one engineer state in an email “This is great. We finally are getting failure rate data from these safety relay companies.”  Whoa! …
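To make the conversion the post refers to concrete, here is an added worked example (not code or numbers from the post) that implements the ISO 13849-1 Annex C relationships between B10d, operations per year, MTTFd and the replacement time T10d. The B10d value and the duty cycles are constructed; what the table shows is that the "failure rate" that falls out of the conversion moves one decade for every decade change in the assumed cycle rate, and is only meant to hold until T10d.

```python
"""ISO 13849-1 Annex C: turning a B10d cycle count into an MTTFd and a
per-hour 'dangerous failure rate'.

Added example, not taken from the exida post. The relationships are the
ones printed in ISO 13849-1 Annex C:

    n_op  = d_op * h_op * 3600 / t_cycle      operations per year
    MTTFd = B10d / (0.1 * n_op)               years
    T10d  = B10d / n_op                       years, replacement time

The B10d value and the duty cycles below are constructed.
"""

HOURS_PER_YEAR = 8760.0


def n_op(d_op: float, h_op: float, t_cycle_s: float) -> float:
    """Mean number of operations per year.

    d_op       operating days per year
    h_op       operating hours per day
    t_cycle_s  mean time between the start of two successive cycles, in seconds
    """
    if t_cycle_s <= 0:
        raise ValueError("cycle time must be positive")
    return d_op * h_op * 3600.0 / t_cycle_s


def mttfd_years(b10d: float, nop: float) -> float:
    """MTTFd = B10d / (0.1 * n_op): mean time to dangerous failure, in years."""
    return b10d / (0.1 * nop)


def t10d_years(b10d: float, nop: float) -> float:
    """T10d = B10d / n_op: the time after which the standard requires replacement,
    i.e. the end of the period in which the MTTFd figure is meant to apply."""
    return b10d / nop


def lambda_d_per_hour(mttfd_yr: float) -> float:
    """The per-hour 'dangerous failure rate' implied by MTTFd (1 / MTTFd)."""
    return 1.0 / (mttfd_yr * HOURS_PER_YEAR)


B10D_CYCLES = 2_000_000  # constructed: a contactor rated 2e6 cycles to 10% dangerous failures


def compare_duty_cycles(b10d: float = B10D_CYCLES) -> dict:
    """Same B10d, three demand rates, continuous 24/7 operation.

    Each row carries n_op, MTTFd, T10d and the implied rate in /h and in FIT.
    The derived rate scales directly with the cycle rate, and for the fastest
    application T10d (the useful-life limit) is well under a year.
    """
    table = {}
    for t_cycle_s in (10.0, 100.0, 1000.0):
        nop = n_op(365, 24, t_cycle_s)
        mttfd = mttfd_years(b10d, nop)
        table[t_cycle_s] = {
            "n_op_per_year": nop,
            "MTTFd_years": mttfd,
            "T10d_years": t10d_years(b10d, nop),
            "lambda_d_per_hour": lambda_d_per_hour(mttfd),
            "lambda_d_FIT": lambda_d_per_hour(mttfd) * 1e9,
        }
    return table


if __name__ == "__main__":
    for t_cycle_s, row in compare_duty_cycles().items():
        print(f"cycle every {t_cycle_s:6.0f} s: n_op={row['n_op_per_year']:.3e}/yr "
              f"MTTFd={row['MTTFd_years']:.1f} yr  T10d={row['T10d_years']:.2f} yr  "
              f"lambda_d={row['lambda_d_FIT']:.0f} FIT")
```

Running it with the constructed 2,000,000-cycle B10d gives 1.8e-5 /h for a 10 s cycle and 1.8e-7 /h (180 FIT) for a 1000 s cycle, from the same device data.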

Failure Data

Dr. William Goble, CFSE
Principal Partner

Field Failure Rate: 10 FITS or 1000 FITS?

Tuesday, November 15, 2011

After analyzing field failure data from hundreds of data sets from dozens of sources, it is becoming easy to see why results from different studies may vary by an order of magnitude or more. The data collection process itself varies by an order of magnitude or more!  A few questions can show essential differences:

    • When is a failure report written? 
    • What is the definition of failure? 
    • Are “as found” conditions recorded during a proof test?
    • What were the operating conditions?

A few examples:

One extensive set of test results from a manufacturer’s test shop indicated “strong proof” that the manufacturer had an…

Failure Data

Dr. William Goble, CFSE
Principal Partner

Driving with Blinders

Wednesday, November 09, 2011

Imagine: An automobile that has only one window in the front.  No side windows. The driver can see to steer the auto forward and turn, but cannot see completely from side to side.  What happens when the driver reaches an intersection with no traffic lights? The driver cannot see out the sides, so how does he or she decide when to drive through the intersection?

The driver could take the same approach we use in the Safety Lifecycle.  We establish a tolerable risk target.  A number of one major accident per 120,000 intersection crossings is chosen. We do a risk assessment. Obviously the main hazardous event in the process of driving through the intersection is getting hit by another…

Failure Data

Dr. Eric Scharpf
Principal Partner

Do you believe the numbers?

Tuesday, October 25, 2011

In a couple of recent projects and discussions, I have come across something extremely concerning. Engineers are very good at performing accurate calculations, and the PFDavg and PFH computations for SIL performance verification are improving in precision all the time. Unfortunately, there is often such a focus on the details of the calculation that some critical big-picture items go missing. Although it is important to properly estimate the effects of partial proof test coverage, redundant architectures and high diagnostic coverage on the PFDavg and PFH to get a precise result, we miss the basic question: “Should we believe the numbers?”

The first thought is, why shouldn’t we? There is now a wide range of reliable failure rate data for all…
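As an added illustration of the point above (example code, not the post's own calculation), the block below computes PFDavg for a single-channel low-demand SIF with imperfect proof testing, then varies the dangerous undetected failure rate over the range that different field studies report for similar devices. It uses the commonly used simplified formula PFDavg = λ_DU·[PTC·TI/2 + (1 − PTC)·LT/2], which reduces to the IEC 61508-6 form λ_DU·TI/2 when the proof test is perfect; all numeric inputs are constructed. The refinement for proof test coverage shifts the answer by a factor of three, while an order of magnitude of uncertainty in λ_DU shifts it by a full SIL.

```python
"""PFDavg of a 1oo1 low-demand SIF with imperfect proof testing, and how much
the answer moves with the dangerous undetected failure rate.

Added example, not from the exida post. Simplified formula (MTTR and common
cause neglected):

    PFDavg = lambda_DU * [ PTC * TI / 2 + (1 - PTC) * LT / 2 ]

TI  proof test interval, LT mission time over which the part of lambda_DU the
proof test cannot reveal accumulates, PTC proof test coverage.
All numeric inputs are constructed.
"""

HOURS_PER_YEAR = 8760.0
FIT = 1e-9  # one failure per 1e9 device-hours


def pfd_avg_1oo1(lambda_du: float, ti_years: float, ptc: float, lt_years: float) -> float:
    """Average probability of failure on demand for a single channel."""
    if not 0.0 <= ptc <= 1.0:
        raise ValueError("proof test coverage must lie in [0, 1]")
    if lt_years < ti_years:
        raise ValueError("mission time cannot be shorter than the proof test interval")
    ti_h = ti_years * HOURS_PER_YEAR
    lt_h = lt_years * HOURS_PER_YEAR
    return lambda_du * (ptc * ti_h / 2.0 + (1.0 - ptc) * lt_h / 2.0)


def sil_band(pfd: float) -> int:
    """Low-demand SIL achieved by a PFDavg, per the IEC 61508 / 61511 bands
    (SIL n: 10^-(n+1) <= PFDavg < 10^-n). 0 means below SIL 1."""
    if pfd < 1e-4:
        return 4
    if pfd < 1e-3:
        return 3
    if pfd < 1e-2:
        return 2
    if pfd < 1e-1:
        return 1
    return 0


def proof_test_effect(lambda_du: float, ti_years: float = 1.0, lt_years: float = 20.0) -> dict:
    """The 'detail' part of the calculation: perfect versus 90% proof test coverage."""
    return {ptc: pfd_avg_1oo1(lambda_du, ti_years, ptc, lt_years) for ptc in (1.0, 0.9)}


def failure_rate_effect(ti_years: float = 1.0, ptc: float = 0.9, lt_years: float = 20.0) -> dict:
    """The 'believe the numbers' part: same design, lambda_DU spanning two decades."""
    out = {}
    for fits in (10, 100, 1000):
        pfd = pfd_avg_1oo1(fits * FIT, ti_years, ptc, lt_years)
        out[fits] = {"PFDavg": pfd, "SIL": sil_band(pfd)}
    return out


if __name__ == "__main__":
    for ptc, pfd in proof_test_effect(100 * FIT).items():
        print(f"100 FIT, PTC={ptc:.0%}: PFDavg={pfd:.2e} (SIL {sil_band(pfd)})")
    for fits, row in failure_rate_effect().items():
        print(f"{fits:5d} FIT, PTC=90%: PFDavg={row['PFDavg']:.2e} (SIL {row['SIL']})")
```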

Failure Data

Dr. William Goble, CFSE
Principal Partner

Two Billion Hours

Thursday, October 13, 2011

When I studied Reliability Engineering in graduate school, I was taught that failure rate data came from field failure studies.  I assumed that operating companies always kept accurate records when a piece of equipment failed.  I also assumed that someone would investigate the failures and assign a root cause. Later, I found that is not quite reality in many industries.  Even so, field failure data is a valuable source of information even when the reports are incomplete and information is missing.

This past summer, exida completed a large field failure study on pressure transmitters and remote seals. This study was based on manufacturer warranty return data.  Experts know that type of data should not be used by itself to calculate…

Failure Data

John Yozalinas
Senior Safety Engineer

Don’t ignore the operator when searching for root cause

Thursday, September 22, 2011

Something was wrong with our washing machine.  The wash cycle was longer than normal.  The problem seemed intermittent at first, but then it became persistent across all wash cycles.  Preliminary investigation revealed the cycle got stuck on spin.  Now, I am normally not allowed to operate the washer with real clothes; this is my wife’s realm.  But when she has a problem, I have a problem.  Her solution was to buy a new washer, even though this one was barely 3 years old.  I was hoping for a cheaper solution, but it would require investigative time and data collection. 

So I observed the washer.  When it got to the first spin cycle, it kept spinning, rather than advancing to…

Failure Data

Hal Thomas, CFSE
Principal Partner

PHA to LOPA: Part II

Tuesday, August 30, 2011

Continued from Part I

In some cases the screening methods will indicate that a SIF is needed. These screening methods can be designed to determine how many orders of magnitude of risk reduction are needed, allowing a required SIL to be documented for a particular SIF. The screening method used to establish compliance with corporate risk criteria should be relatively conservative to allow for the lack of accuracy in the methods. The LOPA rules inherently make it a conservative approach, and it is well suited to determining SIL requirements. For any SIF identified, a safety requirement specification (SRS) needs to be developed and a SIL verification performed and documented to ensure that the…
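The LOPA arithmetic that turns a scenario into "how many orders of magnitude" and a target SIL, as an added worked example (not the post's own method or figures): mitigated frequency is the initiating event frequency times the PFD of each non-SIF IPL times any conditional modifiers, the required risk reduction factor is that frequency divided by the corporate target, and the RRF is mapped onto the IEC 61511 low-demand SIL bands. The two scenarios, the frequencies, the PFD credits and the target criterion are all constructed; the band upper bounds are treated as exclusive so that a boundary value rounds up, in line with the post's advice to keep the screening conservative.

```python
"""LOPA arithmetic: from initiating event frequency and IPL credits to a
required risk reduction factor and a target SIL for a SIF.

Added worked example, not the post's own method or figures.

    f_mitigated = IEF * prod(PFD of each non-SIF IPL) * prod(conditional modifiers)
    RRF_needed  = f_mitigated / f_target        (<= 1 means no SIF is needed)

SIL bands (IEC 61511, low demand): SIL 1 RRF 10 to 100, SIL 2 100 to 1000,
SIL 3 1000 to 10000, SIL 4 10000 to 100000. Scenarios are constructed.
"""
import math
from dataclasses import dataclass, field


@dataclass
class Scenario:
    name: str
    initiating_event_freq: float                                # events per year
    ipl_pfds: dict = field(default_factory=dict)                # IPL name -> PFD
    conditional_modifiers: dict = field(default_factory=dict)   # name -> probability
    target_freq: float = 1e-5                                   # tolerable frequency, per year


def mitigated_frequency(s: Scenario) -> float:
    """Frequency of the consequence with the non-SIF IPLs and modifiers credited."""
    for name, p in list(s.ipl_pfds.items()) + list(s.conditional_modifiers.items()):
        if not 0.0 < p <= 1.0:
            raise ValueError(f"{name}: probability {p} out of range")
    return (s.initiating_event_freq
            * math.prod(s.ipl_pfds.values())
            * math.prod(s.conditional_modifiers.values()))


def required_rrf(s: Scenario) -> float:
    return mitigated_frequency(s) / s.target_freq


def decades_needed(rrf: float) -> float:
    """Orders of magnitude of risk reduction the SIF must provide (0 if none)."""
    return 0.0 if rrf <= 1.0 else math.log10(rrf)


def required_sil(rrf: float) -> int:
    """SIL whose PFD range covers the required RRF, rounding up at band edges.

    RRF <= 1: no SIF needed (0). 1 < RRF < 10: any SIF used is specified as
    SIL 1 (conservative). Beyond SIL 4 the process should be redesigned.
    """
    if rrf <= 1.0:
        return 0
    if rrf < 100:
        return 1
    if rrf < 1_000:
        return 2
    if rrf < 10_000:
        return 3
    if rrf < 100_000:
        return 4
    raise ValueError("required RRF beyond SIL 4: redesign the process rather than rely on a SIF")


# Constructed scenario: vessel overpressure after a BPCS control loop failure.
OVERPRESSURE = Scenario(
    name="vessel overpressure, BPCS loop failure",
    initiating_event_freq=0.1,                         # constructed: once in 10 years
    ipl_pfds={"operator response to high-pressure alarm": 0.1},
    conditional_modifiers={"probability of ignition": 0.5, "probability of occupancy": 0.5},
    target_freq=1e-5,
)

# Same event where a relief valve sized for this case can also be credited.
OVERPRESSURE_WITH_PSV = Scenario(
    name="vessel overpressure, BPCS loop failure, PSV credited",
    initiating_event_freq=0.1,
    ipl_pfds={"operator response to high-pressure alarm": 0.1, "relief valve": 0.01},
    conditional_modifiers={"probability of ignition": 0.5, "probability of occupancy": 0.5},
    target_freq=1e-5,
)


def lopa_summary(s: Scenario) -> dict:
    rrf = required_rrf(s)
    return {"mitigated_per_year": mitigated_frequency(s), "RRF": rrf,
            "decades": decades_needed(rrf), "SIL": required_sil(rrf)}


if __name__ == "__main__":
    for s in (OVERPRESSURE, OVERPRESSURE_WITH_PSV):
        print(s.name, lopa_summary(s))
```

For the first scenario the gap is a factor of 250 (about 2.4 decades), which lands in the SIL 2 band; crediting the relief valve brings the gap down to 2.5, which still calls for a SIF but one specified at SIL 1.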

Layer of Protection Analysis (LOPA)

Hal Thomas, CFSE
Principal Partner

PHA to LOPA: Part I

Thursday, August 25, 2011

Parts I and II of this article provide a framework for when it is appropriate to make the transition from qualitative analysis to more quantitative analysis during the hazard review work process. It further illustrates that LOPA can be used as part of what is considered more qualitative analysis as well as for fully quantitative analysis. Figure 1 outlines the overall work process with the key decision points that comprise the analysis portion of the safety lifecycle.

When process hazard review teams perform a HAZOP, the main objective is to identify hazards and start the process of determining whether the risk presented is tolerable or not. Hazards are identified by consideration of deviations from expected operation.…

Layer of Protection Analysis (LOPA)

John Cusimano, CFSE
Director of Security Services

Keeping “Dancing Monkeys” out of your PLC

Wednesday, August 10, 2011

Last week a security researcher, Dillon Beresford of NSS Labs, presented at the Black Hat conference on the security vulnerabilities he found in Siemens PLC firmware.  One of many stories on Dillon’s findings can be found here.  Among other things, Dillon found “dancing monkeys” in the code!  Actually, what he found was a graphic of four dancing monkeys inserted in the firmware as an “Easter egg,” meaning it was intentionally put there by a developer as a joke.  Easter eggs are cute in websites and video games but not in software that is operating critical infrastructure.  This finding raises concerns about Siemens’ software quality assurance practices.  While this prank is most likely harmless, imagine, for…
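An Easter-egg graphic is exactly the kind of thing a release gate on the firmware image can catch before it ships. The block below is an added example, not code from the post, from NSS Labs or from Siemens, and it knows nothing about any real PLC firmware layout: it treats the image as an opaque blob, looks for the magic bytes of common picture formats (reading width and height out of a PNG IHDR chunk), and lists printable strings the way `strings` does. The sample "firmware" it scans is constructed.

```python
"""Look for embedded picture files and readable strings inside a firmware
image, the kind of check that would flag an Easter-egg graphic.

Added example, not code from the post, NSS Labs or Siemens. It assumes nothing
about any real PLC firmware format; the sample blob below is constructed.
"""
import re
import struct

# Signatures searched for, most specific first.
IMAGE_MAGIC = (
    ("PNG", b"\x89PNG\r\n\x1a\n"),
    ("GIF", b"GIF89a"),
    ("GIF", b"GIF87a"),
    ("JPEG", b"\xff\xd8\xff"),
)


def png_dimensions(blob: bytes, sig_offset: int):
    """Width and height from the IHDR chunk, which must directly follow the signature."""
    ihdr = sig_offset + 8                      # 4-byte length, then 'IHDR', then 13 data bytes
    if len(blob) < ihdr + 16 or blob[ihdr + 4:ihdr + 8] != b"IHDR":
        return None
    return struct.unpack(">II", blob[ihdr + 8:ihdr + 16])


def find_embedded_images(blob: bytes) -> list:
    """Every offset at which an image signature starts, with PNG dimensions when readable."""
    hits = []
    for fmt, magic in IMAGE_MAGIC:
        start = 0
        while (pos := blob.find(magic, start)) != -1:
            hit = {"format": fmt, "offset": pos}
            if fmt == "PNG":
                hit["size"] = png_dimensions(blob, pos)
            hits.append(hit)
            start = pos + 1
    return sorted(hits, key=lambda h: h["offset"])


def find_strings(blob: bytes, min_len: int = 8) -> list:
    """Runs of printable ASCII of at least min_len bytes, as `strings` would show them."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob)]


def sample_firmware() -> bytes:
    """Constructed blob: a fake header, a joke string, and a 64x48 PNG consisting of
    only IHDR and IEND chunks (CRCs zeroed; enough for signature detection)."""
    header = b"FWIMG\x00\x01\x00" + bytes(range(256))   # not any real PLC format
    png = (b"\x89PNG\r\n\x1a\n"
           + struct.pack(">I", 13) + b"IHDR"
           + struct.pack(">IIBBBBB", 64, 48, 8, 6, 0, 0, 0) + b"\x00" * 4
           + struct.pack(">I", 0) + b"IEND" + b"\xaeB`\x82")
    return (header + b"\x00" * 32 + b"dancing monkeys easter egg\x00"
            + b"\x00" * 16 + png + b"\xff" * 64)


def audit(blob: bytes) -> dict:
    """What a firmware QA gate would want in its report: images found and readable strings."""
    return {"images": find_embedded_images(blob), "strings": find_strings(blob)}


if __name__ == "__main__":
    report = audit(sample_firmware())
    for img in report["images"]:
        print(f"{img['format']} at offset {img['offset']}, size={img.get('size')}")
    for s in report["strings"]:
        print("string:", s)
```

On the constructed blob this reports one 64x48 PNG at offset 339 and surfaces the joke string; on a real image the same pass also turns up the long run of printable bytes that any table of ASCII data produces, so the string list is a lead to review, not a verdict.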

Control System Security


Copyright 2000 - 2012 . exida.com LLC | Site Map