The Link between Functional Safety and Cybersecurity
Dr. Hassan El-Sayed, Business Development Manager – Underwriters Laboratories
Presentation Summary: Industrial Internet of Things (IIoT) is becoming perhaps the most significant of all the industrial “revolutions” Industry 4.0 to date. One such importance is Cybersecurity (CS) as a threat to the process industry. It is already reported in 2018 (Forbes), that Cyberattacks on IoT devices skyrocketed in 2018 and surpassed 300% in 2019. In 2018, the number of malware incidents in IoT devices has grown from 813M to 2.9B in 2019.
It is reported in (i-SCOOP), the industrial IoT market size expected to reach $123.89 billion in 2021. This shows what was forecasted early in 2017 that IIoT investment will make up high percentage of some organizations’ capex budgets as businesses embrace the opportunities of digitization . The major benefits of IIoT are well known – machine learning, monitoring devices communicating with each other, this leads to high efficiency, reliability, profitability, coupled with the ability to record big data for remote analysis. Yet, the challenges and opportunities that IIoT brings in the quest for managing risk to persons, equipment and the environment requires an equal focus, particularly when considering how IIoT will be incorporated into process control and factory automation.
Problems/Challenges: ICS systems have traditionally been focused on safety and physical security. Operators, therefore, tend to leave cybersecurity to someone in IT. But the convergence of information technology systems with operational technology (OT) systems, is now making the need for cybersecurity more apparent. However, this requires a change of mind-set. An important first step is to gain an understanding of the differences between safety and security. This is essential if systems, processes, data and personnel are to be fully protected.
Solution: Modern control systems are no longer isolated but are part of a larger connected infrastructure that can offer significant cost savings but also cybersecurity concerns. Security risks associated with integrating, modifying or maintaining a controller in process can impact the overall safety and security. This changes the risk profile that should be considered when designing and/or integrating components in the systems of systems
Results/Benefits: Our presentation will provide an overview of the reality of secure systems of systems. We will provide examples of noteworthy cybersecurity breaches to demonstrate how vulnerabilities in processes and components are exploited. We will identify and review key concepts in Functional Safety and Cybersecurity and will show the interdependencies between these two important areas. We will also distil the key steps every product manufacturer and asset owner should be aware to assure Functional Safety and Cybersecurity are considered for products and systems.