The main steps for analyzing safety and reliability in process facilities

Originally published on GMI blog by GM International| July 24, 2019

Traditional industry is gradually going digital. It’s not just a matter of investment, but also of approach. Companies need to take proactive measures to protect themselves, using cybersecurity, by ensuring that physical systems are integrated with logical ones.
Moreover, many control devices (PLC, RTU, HMI/SCADA), sensors, instruments and embedded systems are networked and at the same time are crucial for the operation of machinery and process facilities. While these connected devices help to raise productivity, efficiency and value, on the other, extended connectivity does of course increase IT risk.
One of the consequences of this new paradigm is that always-on status, that we already enjoy at an individual level, can be extended to the manufacturing world. Protecting data, machinery, process facilities, programmes, products and people must therefore be part of an extended strategy, in which monitoring sensors and video-surveillance, remote-control, anti-intrusion, and anti-burglary systems all converge.

The first challenge is to become aware that Operational Technology (OT) networks and factory systems have to be protected, in order to ensure high availability for the process facility itself in an integrated form with IT systems. The next step is to make security one of the system requirements for those who design, develop, use and maintain such systems. The concept of security by design (i.e. that any system is designed from the outset to be secure) should be present at every stage in a system's life cycle. Such an approach involves designing predictive and reactive systems that can anticipate threats and implement effective and timely intervention plans.

Given the proliferation of the Internet of Things and the over 20 billion devices expected to be connected by 2020 (according to the most authoritative forecasts), inevitably this scenario leads to physical security-related problems. Also, critical infrastructures, remote maintenance platforms, automated production systems, to name but a few examples, require in-depth new knowledge. And by expanding interconnected technologies, we undoubtedly expose ourselves to increased risks. Traditional technologies, which are based on the assumption that they have already encountered similar security threats in the past, are inadequate or not strong enough to counter threats that are more subtle and harder to identify than they used to be.
Data integrity is a very serious issue today. Even when instrumental, electronic and IT components seem to be verified, safe and functioning, they can cause functional issues (that may not manifest immediately) when installed in industrial plants, infrastructures and means of transport.

Businesses need to be aware that any vulnerability in their IT network may lead to a physical security breach. Cybersecurity and physical security are connected and work much better when integrated. Furthermore, physical security systems are more efficient if equipped with smart features. A key factor in obtaining rapid uniform responses could be to set up new platforms which will alert staff quickly and facilitate information exchange. For example, a fire alert in a control room can generate a signal on 3 levels – security, safety, emergency – handling images, data and actions that immediately correlate security with process-facility safety.