To be clear, the above title is meant to capture your attention. We all understand and know that it is unusual for a Process Safety engineer and the IT architect to possess detailed knowledge of both safety and security. In today’s world, the operators, engineers, design and support personnel of an operating asset are required to be aware of the implications of cybersecurity attacks that can not only impact the business from a financial perspective, but can also initiate process safety-related incidents. 

There are two clear hurdles in the interaction of these two disciplines. The first is technological vocabulary. I have often found that these two disciplines have completely different vocabularies and especially from a different context. A process safety engineer speaks of demands once in 10 years. The IT security technologist tends to assume persistent threats of a cyber-attack being 24|7, 365 days a year. 

The second hurdle in the effective collaboration of these two disciplines is work process. During a HAZOP review, operations, engineering, safety, ICS, and process engineers are all relevant working partners that participate during the review. To add an IT resource seems overwhelming and not the best use of time for the IT architect.

The key to unraveling this is a base understanding of the technological vocabulary and a work process that allows the subtle integration of these two disciplines.

The IT architect and the Process Safety Engineer must reach out to each other, understand the fundamental basis for their respective vocabularies, and walk through the work process. Below is a graphic as excerpted from ISA TR84.00.09, “Cybersecurity Related to the Functional Safety Lifecycle,” that illustrates a simplified work process to facilitate the discussions. 

The final point, many high performing companies are crafting high level work process that encourage, enable or define how, when and why these two lifecycles interact. This approach enables these organizations to close the gap on that 1 % additional organization efficiency. 1 % doesn’t sound like a lot however in some cases it’s the differences between winning and losing.

04 - Cybersecurity Metrics, Diagnostics, and Alarms: What’s What?