Functional Safety and Cyber Security: what’s the link between them?

Functional Safety Certification

A device can be submitted to a third-party assessment that certifies its Safety Integrity Level (SIL), demonstrating that it meets the requirements of the functional safety standard IEC 61508.

When the assessor holds a specific accreditation for functional safety, the resulting SIL certificate is recognized worldwide and is the most direct and authoritative way to show users that the product achieves its claimed level of functional safety integrity.

 


Reliability of network-connected devices

The same reasoning extends to safety items that have an attack surface: a SIL-rated device that implements a network protocol, accessory or diagnostic functions that communicate over a field network, or a SIL item connected via Bluetooth or Wi-Fi. A SIL only accounts for random hardware failures and systematic faults; it says nothing about an attacker deliberately manipulating the device. Each of these items must therefore also be protected against malicious attack, and so must demonstrate OT cyber security in line with IEC 62443.

 

[Infographic: the link between functional safety and cyber security]

 

OT Cyber Security Certification

ISASecure® certification is a widely adopted official assessment scheme for certifying compliance with the requirements of IEC 62443. It demonstrates resilience against attacks and is built on the properties the standard protects: safety, integrity, availability and confidentiality.

 


Cyber security certification is increasingly required for safety-related items (for example, sensors that communicate with controllers over network protocols), and it is essential for components that form part of an automation and control network and must withstand external attack.

 

The future of Functional Safety

So should a SIL item also be certified in terms of cyber security?

Most definitely. Functional safety is moving towards safety devices that are digitally connected and, at the same time, certified against both standards: IEC 61508 for protection against random and systematic failures, and IEC 62443 for protection against deliberate attack.

Dual certification of an item against both IEC 61508 and IEC 62443 therefore covers both kinds of failure, improves overall safety and increases the product's market appeal. Although this approach may appear novel, it is readily accessible today and can give manufacturers an immediate competitive advantage.

 


ISASecure® Certification benefits

Why obtain the ISASecure® Certification

The benefits of ISASecure® certification are many. In particular, it:

  • Establishes a higher level of trust
  • Improves product security
  • Establishes company policy for the use of ISA/IEC 62443
  • Updates product development processes to comply with IEC 62443
  • Proves a proactive approach to achieve competence in cyber security
  • Improves product sales via the use of the globally recognized ISASecure® Certification

 

The primary benefit of third-party conformity certification is that it establishes trust between asset owners, product suppliers and service providers: the independence and competence of an accredited third-party assessor provide a higher level of trust than a supplier's own claims.

In addition, certification improves the safety, integrity, availability and confidentiality of the Industrial Automation and Control System (IACS) through a risk-based, methodical and complete process covering the entire lifecycle, including secure design, implementation and validation of the system.

 


Technology alone is not enough: combined with sufficiently trained people and sound work processes, it underpins the safety, integrity, availability and confidentiality of a control system, and so makes the system less vulnerable to cyber attacks.

The certification assessment also reduces the time, cost and risk of developing control systems by establishing a collaborative program between asset owners, product suppliers and service providers.

Certifying control systems against a common set of requirements also accelerates the adoption of the standards themselves, since a certificate provides uniform evidence of product security according to IEC 62443.

Lastly, certification supports a proactive approach to building cyber security competence, which is a significant point in favor of the product supplier.

For all these reasons, ISASecure® certification improves product security and, because the certificate is recognized in product marketing, supports product sales.

 

What products can be certified

IEC 62443 distinguishes the following levels of IACS systems and components; of these, the ISASecure® scheme certifies products (IACS components and IACS systems) together with the supplier's development lifecycle:

  • IACS components, such as embedded devices, host devices, network devices and software applications
  • IACS system (control system): a set of IACS components
  • Automation solution: a combination of IACS systems and components deployed for a specific plant
  • Industrial Automation and Control System (IACS): the automation solution plus the policies and procedures for operating and maintaining it

 

Types of ISASecure® certificate

The ISASecure® Certification scheme covers three types of certificate. Each requires a conformity assessment that identifies the product or process being assessed, identifies the applicable requirements, and applies a defined methodology for verifying that the IEC 62443 requirements have been met.

The types of certificates are:

  • ISASecure Security Development Lifecycle Assurance (SDLA) according to IEC 62443-4-1
  • ISASecure System Security Assurance (SSA) according to IEC 62443-3-3
  • ISASecure Component Security Assurance (CSA) according to IEC 62443-4-2

 

An SDLA certificate for the supplier's development process is a prerequisite for applying for SSA or CSA certification of a product.

A certificate is valid for three years and is renewed once the product supplier passes a recertification audit.

What is ISASecure® Certification

ISASecure® certification scheme

ISASecure® is a third-party conformity assessment scheme based on the ISA/IEC 62443 series of standards aimed at cybersecurity certification of IACS systems, such as DCS and SCADA.
A third-party conformity assessment scheme is also known as a certification scheme.

The goal of the ISA/IEC 62443 series is to improve the security of Industrial Automation and Control Systems (IACS) using a risk-based, methodical and complete process throughout the entire lifecycle, protecting four properties:

  • Safety
  • Integrity
  • Availability
  • Confidentiality

 

Without sufficiently trained people, risk-appropriate technologies and adequate security measures, an IACS becomes far more vulnerable to cyber attack.

 


The owner and developer of the ISASecure® Certification Scheme is the ISA Security Compliance Institute (ISCI), a non-profit corporation that sets the rules and procedures that identify the types of products and processes being assessed, specify the applicable requirements and provide the methodology for performing certification.

ISCI offers three certifications aligned with the ISA/IEC 62443 series; the product certifications are graded by security level.

  1. ISASecure Component Security Assurance (CSA) Certification
  2. ISASecure System Security Assurance (SSA) Certification
  3. ISASecure Security Development Lifecycle Assurance (SDLA) Certification

 

Who issues the certification

While ISCI develops and maintains the Certification Scheme, it does not perform the certification itself.

This is done by an ISASecure® Certification Body, which is an organization that specializes in third-party conformity assessments. Certification bodies are accredited by an accreditation body based on the ISO/IEC 17065 standard, which addresses topics such as confidentiality and impartiality in the certification process.

An ISASecure® certificate issued by a Certification Body is recognized globally and demonstrates that the applicable ISA/IEC 62443 requirements have been met.

 

Worldwide, there are only five ISASecure-accredited Certification Bodies; BYHON is one of them.

Structure of IEC 62443

IEC 62443 family of standards

The parts of IEC 62443 most relevant to developing secure products throughout their lifecycle, and to obtaining ISASecure® Certification, are:

  • Part 1-1: Terminology, concepts and models introduces the concepts and models used throughout the series. The intended audience includes anyone wishing to become familiar with the fundamental concepts on which the series is built.
  • Part 2-1: Establishing an IACS security program describes what is required to define and implement an effective IACS cyber security management system. The intended audience includes asset owners responsible for the design and implementation of such a program.
  • Part 3-2: Security risk assessment for system design addresses cyber security risk assessment and system design for IACS, partitioning the system into zones and conduits. Its outputs are the risk assessment and the target security level (SL-T) of each zone and conduit, documented in the Cybersecurity Requirements Specification. This part is primarily directed at asset owners and system integrators.
  • Part 3-3: System security requirements and security levels describes the system requirements for an IACS under each of the seven foundational requirements, graded by security level. The principal audience includes product suppliers of IACS products, integration service providers and asset owners.
  • Part 4-1: Product security development lifecycle requirements describes the requirements for a product supplier's security development lifecycle. It is addressed to product suppliers of IACS systems and IACS components.
  • Part 4-2: Technical security requirements for IACS components describes the requirements for IACS components based on the security level. IACS components include embedded devices, host devices, network devices and software applications. The principal audience includes product suppliers of IACS components.

 

[Infographic: the IEC 62443 standard]

 

IEC 62443 principal roles

As mentioned above, the IEC 62443 standard identifies three principal roles involved in product security:

  • Asset Owner is the organization that is accountable and responsible for the IACS. The asset owner is also the operator of the IACS and the EUC (Equipment Under Control).
  • Integration Service Provider is the organization that provides integration activities for an automation solution including design, installation, configuration, testing, commissioning and handover to the asset owner. The integration service provider may also facilitate the risk assessment.
  • Product Supplier is the organization that manufactures and supports a hardware and/or software product. Products may include IACS systems and IACS components such as embedded devices, host devices, network devices, and/or software applications.

 


The picture below shows the relationship between the 3 roles and how they interact with each other.

There is a fourth role, the Maintenance Service Provider, the individual or organization that provides support activities for an automation solution; it does not take an active part in the ISASecure® Certification process.

 

[Figure: the IEC 62443 roles and their interactions]

What is Industrial Cyber Security (IEC 62443)?

What the IEC 62443 standard aims at

IEC 62443 is the international standard for the security of industrial automation and control systems and is the reference for cyber security in the field of industrial automation.

The standard originated almost twenty years ago in the work of volunteers on the ISA99 (originally SP99) committee of ISA, the International Society of Automation. It was later reviewed and adopted by the IEC, the International Electrotechnical Commission, which is why the series is also referred to as ISA99 / ISA/IEC 62443.

Although not mandatory, applying the standard substantially reduces the exposure of industrial control systems to cyber threats; no standard makes a system immune. As the number of threats to this type of technology grows, applying IEC 62443 lowers the likelihood and the impact of incidents that can cause, among other things, equipment damage, production stoppages, unexpected costs for repairing control systems, and loss of profit.

The standard was therefore conceived to protect Industry 4.0, so that data can flow between the plant and the outside world, in both directions, securely and reliably.

 

IEC 62443 compliance and Cyber Security Lifecycle

Before examining which specifications of the Industrial Cyber Security standard are the most relevant for Industry 4.0, it is necessary to clarify some fundamental terms to better understand this field.

IACS: Industrial Automation and Control System, also known as ICS, Industrial Control System. In a broader sense IACS is synonymous with OT (Operational Technology), technology that interfaces with a physical operational process. The term distinguishes an IACS from IT systems, which process and transmit information rather than act on a process. Examples of IACS are industrial devices such as PLCs, HMIs and SCADA systems.

IACS Security Lifecycle: the security lifecycle of an IACS, namely the set of phases that must be carried out for the protection of the IACS to comply with the cyber security requirements defined by the IEC standard. The phases of the IACS Security Lifecycle are Assess, Implement and Maintain.

CSMS: the Cyber Security Management System, the set of practices and actions aimed at identifying cyber risks and defining appropriate countermeasures.

 

IACS Security Lifecycle

[Infographic: the IEC 62443 security lifecycle]

 

The international IEC standard covers all phases of the IACS Security Lifecycle. It begins with the assessment of risks and vulnerabilities and ends with the maintenance of the security level performances in the long term.

 


The Assess phase consists of a set of activities aimed at identifying high-level risks and then analyzing vulnerabilities and detailed risks. It ends with the allocation of target security levels, and thus of the minimum cyber security requirements, to each part of the IACS.

 

Assess

  1. Risk Assessment
  2. Vulnerability Assessment
  3. Penetration Test
  4. Threat Modeling
  5. Security Level Allocation

It is during the Implement phase that companies wishing to protect themselves from cyber attacks define the entire CSMS, Cyber Security Management System, adopt the procedures and countermeasures that prevent attacks and protect their industrial control systems, and then verify that the security levels allocated during the Assess phase have actually been achieved.

 

Implement

  1. Defense Strategy
  2. CSMS
  3. Security Level verification

 

Cyber security is, however, a process that must be constantly monitored and periodically revisited through maintenance activities (Maintain phase) on the security level of industrial plants. Only in this way can the achieved security level be kept from degrading over time, so that data shared with the outside world remains protected from cyber threats and serious consequences for the company are avoided.

 

Maintain

  1. Auditing
  2. Follow up
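The two steps that tie the phases together are Security Level Allocation (Assess) and Security Level verification (Implement). The following is an added example, not code from the original page, from ISCI or from BYHON, showing the shape of that verification. It assumes the seven foundational requirements (FR1 to FR7) of IEC 62443-3-3 and security levels SL 0 to 4 expressed as seven-element vectors; the zone and component names and their SL values are constructed for illustration, and the rule that a zone's achieved level is its weakest component per FR is a deliberately conservative simplification that ignores compensating countermeasures on conduits.

```python
"""IEC 62443 security level allocation and verification (added example).

Hypothetical helper, not code from the original page or from ISCI/BYHON.
It assumes the seven foundational requirements (FR1..FR7) of IEC 62443-3-3
and target/capability security levels SL 0..4 expressed as seven-element
vectors; all zone and component data below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List

# Foundational requirements of IEC 62443-3-3 / 4-2, in standard order:
# IAC identification & authentication control, UC use control,
# SI system integrity, DC data confidentiality, RDF restricted data flow,
# TRE timely response to events, RA resource availability.
FRS = ("IAC", "UC", "SI", "DC", "RDF", "TRE", "RA")

SLVector = Dict[str, int]  # FR code -> level 0..4


def sl_vector(*levels: int) -> SLVector:
    """Build an SL vector from seven integers ordered as FRS."""
    if len(levels) != len(FRS) or any(not 0 <= lv <= 4 for lv in levels):
        raise ValueError("an SL vector needs exactly seven levels in 0..4")
    return dict(zip(FRS, levels))


@dataclass
class Component:
    name: str
    sl_c: SLVector  # capability SL claimed for the component (e.g. from a CSA certificate)


@dataclass
class Zone:
    name: str
    sl_t: SLVector  # target SL allocated to the zone in the Assess phase
    components: List[Component] = field(default_factory=list)


def zone_capability(zone: Zone) -> SLVector:
    """Conservative achieved SL of a zone: per FR, its weakest component.

    Compensating countermeasures (firewalls on conduits, procedures) can raise
    the achieved level; this first pass deliberately ignores them.
    """
    return {fr: min(c.sl_c[fr] for c in zone.components) for fr in FRS}


def verify_zone(zone: Zone) -> Dict[str, dict]:
    """Security Level verification: report every FR where capability < target."""
    achieved = zone_capability(zone)
    gaps = {}
    for fr in FRS:
        if achieved[fr] < zone.sl_t[fr]:
            weakest = [c.name for c in zone.components if c.sl_c[fr] == achieved[fr]]
            gaps[fr] = {"target": zone.sl_t[fr], "achieved": achieved[fr], "weakest": weakest}
    return gaps


def build_example_plant() -> List[Zone]:
    """Constructed zones: an SIS zone targeting SL 3 and a BPCS zone targeting SL 2."""
    sis = Zone("Safety instrumented system", sl_vector(3, 3, 3, 3, 3, 3, 3), [
        Component("SIS logic solver", sl_vector(3, 3, 3, 3, 3, 3, 3)),
        Component("Pressure transmitter", sl_vector(2, 2, 3, 2, 3, 3, 3)),
        Component("Engineering workstation", sl_vector(2, 3, 3, 3, 3, 3, 3)),
    ])
    bpcs = Zone("Basic process control", sl_vector(2, 2, 2, 2, 2, 2, 2), [
        Component("Process PLC", sl_vector(2, 2, 2, 2, 2, 2, 2)),
        Component("Operator HMI", sl_vector(2, 2, 3, 2, 2, 2, 3)),
    ])
    return [sis, bpcs]


def report(zones: List[Zone]) -> List[str]:
    """Human-readable verification result: one line per gap, or one line per compliant zone."""
    lines = []
    for zone in zones:
        gaps = verify_zone(zone)
        if not gaps:
            lines.append(f"{zone.name}: SL-T met for all seven FRs")
        for fr, g in gaps.items():
            lines.append(f"{zone.name}: {fr} target SL {g['target']} but achieved SL "
                         f"{g['achieved']} (weakest: {', '.join(g['weakest'])})")
    return lines


if __name__ == "__main__":
    print("\n".join(report(build_example_plant())))
```

Run stand-alone, the script flags the SIS zone on IAC, UC and DC because a single SL 2 transmitter drags the whole zone below its SL 3 target, while the BPCS zone passes. In practice the gaps feed back into the Defense Strategy (a compensating control on the conduit, or a component with a higher SL-C) and into the Maintain phase, where the same comparison is repeated after every change to the zone.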