Cyber Security in Functional Safety
Protecting Industrial Control Systems
20 December 2016
The world is becoming more connected, making cyber security more essential than ever. A cyber attack can result in financial impact, damage to reputation, and risk to operations, so it is not advisable to simply react to breaches when they occur. The best way to provide security is to be proactive against threats and have proper risk mitigations in place.
To help safeguard people, processes, and technology against cyber security threats, there are four steps to consider:
- Know your vulnerabilities: A problem many in functional safety encounter is being unaware of the threats to their systems and how to counter them. Developing a more secure system requires being aware of your risks and evaluating how your system could be affected by a cyber attack. It is important to assess not only your current risk, but also the risks your systems could face in the future. Staying up to date on cyber security threats will help you stay ahead of the game.
- Determine your risk tolerance: To know what security tools are right for your system, determine how much risk you are comfortable with. Risk tolerance will depend on what you are controlling, your level of exposure, and the impacts of a breach on your people, processes, and the environment. If, for instance, your control system is responsible for a nuclear reactor, you will be averse to almost any level of risk going into that system.
- Find the right solution: Once you have assessed your vulnerabilities and determined your risk tolerance, put the proper security measures in place. There are several tools that can help make systems more secure, each addressing a different aspect of cyber security. Mechanisms such as passwords, smart cards, and biometric systems allow control over who has access to a system, while firewalls and encryption provide an added layer of security for communication between individuals or systems. The key is finding the most suitable solutions to mitigate your risks.
- Monitor and detect: Cyber security does not stop with the use of passwords or firewalls. Once security measures are in place, the system must be continually monitored to detect any malicious activity. Detection tools such as auditing software and scanning technologies allow you to see who is accessing a system as well as any activity taking place. This provides for early detection and faster removal of cyber security threats, which will in turn limit the damage to your system.
Cyber security is an ongoing effort to reduce risk and maintain the integrity of systems for a company, its customers, and stakeholders. As technology continues to modernize and change, taking these steps will help to ensure systems are better protected against cyber security threats.
Erik Reynolds works with Intertek consulting services and has 15 years' experience in design, development, and deployment of mission critical systems while supporting systems engineering life cycle activities of leading global companies. Previously an Air Force flight test engineer and design team member for NASA payloads, Reynolds has expertise in product design for high reliability performance in harsh environments. Reynolds is a Certified Functional Safety Expert (CFSE), a certified Project Management Professional (PMP), and a licensed Professional Engineer (PE) in the state of Texas. He is also working toward a PhD in Systems and Engineering Management at Texas Tech University (expected 2017).