Exploring relevant cybersecurity and functional safety standards
Industry associations and governments have established various cybersecurity and functional safety standards in recent years, some of which are mandatory and enforced through regulation, while others serve as guidance for compliance. Beyond compliance, these standards are regarded as industry best practice for ensuring the safety and reliability of the process industries.
Because the core standards are issued by the IEC, many countries have adopted them in place of their own national requirements. This gives businesses with operations in multiple countries substantial operational leverage, since a single, globally recognized standard can be applied throughout the organization.
This section will provide an overview of SIS-applicable standards with a brief description of the relevant security controls. For other functional safety requirements not outlined here, we recommend that you review the applicable IEC standards.
The IEC provides two renowned, widely used functional safety standards – IEC 61508 and IEC 61511:
- IEC 61508 is a generic, sector-independent functional safety standard from the IEC that provides the overarching framework for achieving functional safety in safety-related systems across many industries and applications. It serves as the foundation for sector-specific functional safety standards, including IEC 61511 (process industries), IEC 61513 (nuclear power plant instrumentation and control), ISO 26262 (road vehicles), and IEC 62304 (medical device software).
- IEC 61511 is a dedicated standard that is primarily focused on process industries and is based on IEC 61508.
- IEC 62304 covers the software life cycle processes for medical device software (including software safety classification), while ISO 26262 addresses the functional safety of road vehicles.
The following diagram depicts the most widely used industry functional safety standards:
Figure 1.8 – Scope of IEC 61508 and IEC 61511
The scope of IEC 61508 and IEC 61511 can be described as follows:
- IEC 61511 – Functional safety – Safety Instrumented Systems for the Process Industry Sector
IEC 61511 is an international standard prescribing requirements and guidance for the specification, design, installation, operation, and maintenance of SIS in the process industries, aimed primarily at end users and system integrators. The standard covers the overall safety lifecycle of an SIS and treats security as part of functional safety and risk management, in line with IEC 61508.
At the intersection of safety and cybersecurity, Edition 2 of IEC 61511-1, published in 2016 (https://webstore.iec.ch/publication/24241), introduced clause 8.2.4, which requires a security risk assessment to identify security vulnerabilities of the SIS. For guidance on how to carry out that assessment, users of IEC 61511 are directed to the IEC 62443 series and ISA TR84.00.09.
Clause 8.2.4 requires that the security risk assessment cover the following:
- Defining the devices under scrutiny (including the SIS, BPCS, or any connected devices)
- Identifying potential threats capable of exploiting vulnerabilities, leading to security breaches (ranging from deliberate attacks on hardware and software to inadvertent errors)
- Assessing the potential repercussions of security breaches and estimating their likelihood
- Addressing various project phases, including design, implementation, commissioning, operation, and maintenance
- Determining any additional measures required to mitigate risks
- Outlining the steps taken to mitigate or eliminate identified threats, or providing references to relevant information
- IEC 61508 – Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems
IEC 61508 is a series of functional safety standards that applies throughout the lifecycle of Electrical, Electronic, and Programmable Electronic (E/E/PE) safety-related systems and products. It covers the parts of devices and equipment that perform automated safety functions, such as sensors, logic solvers, actuators, and the microprocessors and software within them.
The uniform technical approach mandated by IEC 61508 can be applied to safety systems within the electronics and related software industries regardless of sector. As a horizontal standard, it targets suppliers of safety systems, but it can also be used to some extent by those that supply equipment for these systems. IEC 61508 defines four Safety Integrity Levels (SILs), from SIL 1 (lowest) to SIL 4 (highest), each specifying the level of risk reduction a safety function must deliver. The SIL required for a given safety function is derived from the hazard and risk analysis, that is, from the severity of the consequences and the likelihood of the hazardous event.
Clause 7 of IEC 61508-1 sets out the overall safety lifecycle requirements, from hazard and risk analysis through the realisation of the safety functions. Within hazard and risk analysis, it requires a security threat analysis where malevolent or unauthorised action is reasonably foreseeable. So although IEC 61508 does not concentrate on cybersecurity, it does require security threats to be considered when determining the risks that a safety-related system (such as an SIS) must address.
As for ICS cybersecurity, common ICS security-related standards include the following:
- ISA/IEC 62443 – Security of Industrial Automation and Control Systems
The IEC 62443 series provides a structured framework for the security of Industrial Automation and Control Systems (IACS), including SIS. The series consists of 13 documents that address topics ranging from establishing an IACS security program to the system design requirements for securely integrating control systems and the technical requirements for components. Additionally, ISA TR84.00.09 builds on the ISA99 committee's work on IEC 62443 and examines defensive measures that reduce the chance of a breach compromising the SIS's performance. This technical report also provides criteria for countering external and internal security threats and outlines how to meet the security requirements of IEC 61511.
The following diagram provides an overview of the IEC 62443 standards series and key areas of focus:
Figure 1.9 – Structure of the IEC 62443 series
- NIST SP 800-82 – Guide to Industrial Control Systems (ICS) Security
NIST SP 800-82 from the National Institute of Standards and Technology provides guidance on securing ICS, including SCADA systems, DCS, and PLCs, while accounting for their particular performance, reliability, and safety requirements. It gives an overview of ICS and their typical system topologies, identifies threats and vulnerabilities, and recommends countermeasures to reduce the associated risks, covering SIS as well. NIST SP 800-82 emphasizes risk management in ICS security by providing guidance on conducting risk assessments, identifying threats and vulnerabilities, and developing risk mitigation strategies.
- NRC Regulatory Guide 5.71 – Cyber Security Programs for Nuclear Power Reactors
The US Nuclear Regulatory Commission's Regulatory Guide 5.71 (RG 5.71) describes an approach acceptable to the NRC for meeting the cybersecurity requirements of 10 CFR 73.54, and stresses the significance of cyber defense in the architecture and operation of safety-critical systems. Licensees are expected to design and implement digital safety-related systems with a high level of assurance, ensuring that they are resilient to cyberattacks that could jeopardize their safety functions. Licensees must also put cybersecurity programs in place that incorporate specific measures to manage cyber threats and maintain system dependability over the long term.
Revision 1 of RG 5.71 provides guidance on Defense-in-Depth (DiD) practices drawn from sources such as the NIST SP 800 series and International Atomic Energy Agency (IAEA) cybersecurity guidance. This revision reflects concerns raised during cybersecurity reviews, industry trends, emerging legislation, and disruptive technologies, as well as outreach programs and lessons learned from cybersecurity incidents.
- NEI 08-09 – Cyber Security Plan for Nuclear Power Reactors
NEI 08-09 is a high-level cybersecurity plan (or strategy) that adopts a layered architecture and a catalog of security controls derived from NIST SP 800-82 and NIST SP 800-53. The plan is intended to ensure that systems and networks associated with safety-related operations are protected against cyberattacks that could harm their mission-critical functions.
- NERC CIP
The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards are a set of mandatory, enforceable reliability standards governing the cybersecurity of the Bulk Electric System (BES) in North America. They are intended to identify and protect the assets whose compromise could affect the reliable supply of electricity throughout the continent's BES; the CIP framework as a whole is designed to secure this critical infrastructure.
Within NERC CIP, CIP-002-5.1a and CIP-005-6 address the identification and protection of the cyber systems that support safety functions. These standards require responsible entities to identify and document such systems, described as systems and equipment essential for detecting, preventing, or mitigating conditions that could cause significant disruption or hinder the safe shutdown of the bulk electric system.
Here is a high-level overview of these standards:
- CIP-002-5.1a BES Cyber System Categorization: This categorizes BES Cyber Systems and their associated assets (as high, medium, or low impact) so that cybersecurity measures can be applied in proportion to the effect that their loss, compromise, or misuse could have on the reliable operation of the BES.
- CIP-005-6 Electronic Security Perimeter(s): This defines a logical boundary, the Electronic Security Perimeter (ESP), around the networks to which BES Cyber Systems are connected, and requires that all routable electronic access into and out of that boundary pass through identified access points where it is controlled and monitored. The goal is to regulate electronic access to BES Cyber Systems and prevent actions that could disrupt or destabilize the BES.
In the next section, we will discuss the various stages of the functional safety lifecycle as well as the high-level cybersecurity phases that are crucial to safety critical systems. We will also explore the common processes and methods that are used in each phase as well as their importance in ensuring safe operations.