The Hand-in-Hand Relationship between Functional Safety and Cybersecurity Evaluations
Safety is the name of the game in this ever-evolving world of the Industrial Internet of Things (IIoT), which allows operators to connect a multitude of individual devices and control systems through wireless networks. The integration of automated safety systems is rapidly expanding around the world and across diverse industries – including process, household and commercial products, medical, nuclear, automotive, railway, and avionics – making manufacturing operations “smarter”. But cyber-attacks are on the rise as more industries continue to invest in smart technologies, and it has become abundantly clear that in this increasingly connected industrial world, safety needs security. While functional safety evaluations provide the hazard and risk analysis necessary for proper functioning of machines and systems, cybersecurity evaluations help identify data breaches that can impact industrial controls. A proactive business decision – one that helps drive optimal safety, reliability, and operational efficiency – includes ensuring both evaluations are executed.
Functional Safety: Establishing Confidence in Failure Situations
For manufacturers, ensuring reliability and efficiency in their operations is critical to the business bottom line. It is not enough to say that the operation of machines and systems is critical to the creation of the end product. “Operation” is only one part of the equation. Efficient production of end products depends on the correct operation of machines and systems in all scenarios – meaning that they respond safely and reliably to inputs, that all components of the machine or system operate as expected, and that any operation errors, hardware failures or environmental interference can be managed safely. In other words, machines and systems will operate safely even when they malfunction. This is functional safety.
Mass industrial automation has created international recognition of the importance of functional safety evaluation and certification, labelling it an essential tool to identify, control and mitigate hazards and risks, particularly in those cases where a failure could lead to serious injury or death.
Cybersecurity Considerations: An Extension of Functional Safety
Cybersecurity protocols support functional safety and safety-related solutions in industrial processes. Since process automation increasingly involves linking equipment together in an open network architecture, the safety and security risks created by this IIoT environment should be a foremost concern. A cybersecurity product evaluation helps establish a level of confidence in the security features of IIoT devices in industrial settings through a reliable quality assurance process.
A cybersecurity evaluation parallels the functional safety testing using specific security frameworks and the International Electrotechnical Commission’s (IEC) 62443 series of standards – which address the issue of security for industrial automation and control systems (IACS) – and other applicable standards. The evaluation process first identifies and assesses applicable risks and the necessary SILs. The effectiveness of security measures is then evaluated, taking into account any related design considerations. The overall evaluation includes assessment of the security of the product development process as well as the implementation of security measures in the product itself.
CSA Group Can Help Bridge the Gap
Given the hand-in-hand relationship between functional safety and cybersecurity, and the fact that evaluating for both increases operational efficiencies, doesn’t it make sense to utilize a third-party testing organization that has proven expertise in both? An overall product functional safety evaluation helps assure that an automated, safety-related device or system operates correctly in response to inputs, protecting operators and/or property and the environment from any hazard. CSA Group can conduct cybersecurity analysis and testing as part of the functional safety testing and certification of IoT and IIoT products and systems. This includes rigorous analysis and testing called for under the IEC 62443 series and other cybersecurity frameworks required by supply chains and end-use customers.
The cybersecurity evaluation process typically includes Gap Analysis, Security Development Lifecycle Assurance (SDLA), Embedded Device Security Assurance (EDSA), and Bench Testing. Download CSA Group’s free white paper on ‘Protecting Connected Devices Against Cyber Attack’. To learn more about how the industrial sector is using robots to improve safety and efficiency, including how functional safety and cybersecurity play an important role, download CSA Group’s free white paper on ‘The Continued Rise of Industrial Robots in Hazardous Locations’.