Cyber meets safety

Safety has been the top priority in the process industry for decades, while cyber security only became relevant in recent years. Cyber security and safety seem to have an arbitrary contradiction. Differences certainly exist between these two pillars that support industry, but they have even more in common. Safety isn’t possible without proper cyber security in all cases.

A Safety Instrumented System (SIS) is the ‘last automated line of defense’ of any production process and is standardized in the IEC 61511.

Business continuity

An integral approach to cyber security and safety is necessary to guarantee business continuity. Cyber security and safety are of equal importance. But, having cyber risks automatically means a company can’t guarantee safety. These risks don’t pose any new dangers to safety, but they can disable critical safety controls and lead to hazardous situations. Not taking into account the possible environmental- and reputation damage.

An integral approach to safety and cybersecurity does have some challenges on an organizational level. For example: It isn’t possible to combine cyber security and safety in the same Risk and Vulnerability Assessment (RVA). In safety the challenge is to avoid any incidents. In cyber security the challenge is not to only avoid any incidents, but to also stay in control after one has occurred.

Cyber certification

The current worldwide cyber security standard for Industrial Automation and Control Systems (IACS) is the IEC 62443. This standards framework describes the implementation of a Cyber Security Management System (CSMS) from its first steps to a full implementation. Furthermore, it describes how the use of RVA’s will assist in determining Security Levels (SL’s) and managing vulnerabilities.

Safety is part of CE-marking and it’s likely cyber security will develop into a similar system as the Safety Integrity Level (SIL). Cyber security products will receive a cyber certification to indicate capability. In the short-term authorized certification will become more widespread.

“Safety isn’t possible without proper cyber security in all cases.”

Source: ‘Process Control (edition 4), June 2019’

In the spotlight

Monitoring your OT environment is essential. You know what is happening on your network and see to what extent you are compliant with various cyber security standards and laws and regulations.

IEC 62443 Standard

The IEC 62443 standard offers your organization tools to improve the digital security and safety of your IACS environment. Implementation of the standard improves the cybersecurity level of your organization's OT / ICS / SCADA environment.

The IEC 62443 is the international cybersecurity standards framework for operational technology (OT). The framework consists of a collection of standards, technical reports and related information for securing Industrial Automation and Control Systems (IACS).

read more

Hudson Cybertec’s IEC 62443 Competence Center has extensive experience with this standard. We play an active role in the development of the standard, actively promote it internationally and have developed a training program around the IEC 62443.

read more

It is becoming increasingly important for organizations to be able to demonstrate that the digital security of the OT environment is in accordance with standards frameworks. It is therefore possible to certify (parts of) your IACS environment according to IEC 62443.

read more

If you want to know more about this standard and need training on how to apply it within your own organization or at your clients, Hudson Cybertec has a number of very interesting training courses for you.

read more

The IEC 62443 standard provides organizations with tools to improve the digital security and safety of OT / ICS / SCADA environments.

read more

How digitally safe is your organization?

Curious about the possibilities? Please contact us!

Contact us

Newsletter

Sign up for our newsletter. We will keep you posted on the latest developments in our cybersecurity services.

  • This field is for validation purposes and should be left unchanged.