(55ax) The Important Bridge between Functional Safety and OT Security
AIChE Spring Meeting and Global Congress on Process Safety
2024 Spring Meeting and 20th Global Congress on Process Safety
GCPS - Process Safety Poster Session
Monday, March 25, 2024 - 5:00pm to 7:00pm
Safety instrumented systems, called SCIS, are one part of the entire OT system landscape and are essential components that interact in real time with our refineries, tank farms, pipelines, and power plants. The risk management requirements of IEC 61511 and IEC 62443, together with the need for secure and efficient OT system operations, make it essential to bridge functional safety and OT security.
Incidents and threats from recent years show that cyber threats to industrial SCIS are real and must be addressed to safeguard business strategy and meet legal requirements.
Modern industrial OT systems can only be cost-effective when they are optimized through an integrated OT security and functional safety management approach. This applies to new projects, revamps, and minor changes. In every case, the entire life cycle must be considered. The integration must be based on a standard that is applied from the early planning phases through to the decommissioning of the related asset.
As part of our ongoing security programs (OT Security Roadmaps), the integration of the risk assessment and management practices of functional safety and OT security plays a central role in the secure and available operation of our OT systems at OMV. This includes technical and organizational measures to improve and maintain the safety of our assets and contribute to overall process safety.
The following key achievements had a remarkable impact on enhancing OMV's functional safety and OT security management with one integrated risk assessment approach:
- Definition, introduction, and steady application (iterative and dynamic) of OT security HAZOP/SWIFT sessions to address and assess safety instrumented systems as separate, high-value security zones, which is also the formal link between IEC 61511 and IEC 62443,
- Interaction and management of multidisciplinary teams,
- The safety requirement specification (SRS), which brings together all the information needed to make sure that the SIS will provide the right level of performance and risk reduction, incl. OT security, to address the specified requirements for:
  - Performance,
  - Integrity,
  - Operations and maintenance,
  - Service and repair,
- Simple and clear segmentation and access concept for SCIS, incl. a sharp interface between safety-related and non-safety-related components of the SIS,
- Standardized execution of functional safety relevant FATs and SATs with OT security content derived from the joint risk assessments.
The aim of the presentation is to show how OT security and functional safety can be interlinked to deliver optimized, state-of-the-art practices without over-specifying or over-designing the organizational processes and technical solutions.