The move by most, if not all, DCS vendors towards “open systems” and the resulting incorporation of off-the-shelf technologies represented a significant shift in control system design. System integration became easier, product development by manufacturers was accelerated, and training was simplified as it leveraged common tools and concepts. While the benefits have been tremendous, at the same time, open technology has now allowed control systems to be exposed by frequent and significant security vulnerabilities, putting production, assets, and human safety at risk. Gone are the days of proprietary operating systems and communication busses, isolated systems, and inherently secure processing environments.
In today’s interconnected world, a successful cyber-attack represents a potential common mode source that can both cause the demand and prevent instrumented safeguards from performing their safety function. Understanding the integration of Cybersecurity into the Safety Lifecycle is key to the complete Process Safety Management Lifecycle.
The process can be broken down into three phases: