Wednesday 1 August 2018

What is the difference between IEC 61511 and IEC 61508

A lot of engineers and functional safety practitioners struggle to understand the difference between the two most popular standards for functional safety used in the industry as of today. A nicely written article by John Yozallinas, CFSE, recently published on the Exida website, perhaps explains these differences as clearly as I have ever seen anyone explain them. According to John,

"IEC 61508 is considered a basic or “umbrella” standard for functional safety. It is generic and sometimes even vague. The intent of IEC 61508 was that various industry sectors provide their own specific standards and guidelines as needed. Here we can see the relationship between 61508 and other standards, such as 61513 for the nuclear sector, 62061 for the machine safety sector, and 61511 for the process control sector."
Source: http://www.exida.com/Blog/functional-safety-standards-iec-61508-vs.-iec-61511

Friday 30 March 2018

Cybersecurity for Safety Related Systems

Cyber security issues are becoming more common in the modern world because more and more devices are designed with high levels of technology. Devices, systems and networks are becoming increasingly open and integrated, and therefore accessible, providing an ever increasing attack surface for cyber security threats. Many safety-related systems were designed and developed at a time when the issue of cyber security was not envisaged. That leaves many of today’s current systems potentially vulnerable to new and emerging threats.

Whilst the IT industry is further ahead in relation to cyber security, the priorities of Information Technology (IT) are different from those of Operational Technology (OT), and the solutions and mechanisms used in IT are not necessarily applicable to industry and industrial control systems. There are many threat vectors, and it is important to bear in mind that not all cyber security incidents are the result of deliberate actions. Many cyber security incidents are triggered accidentally or by inadvertent actions. The security threat landscape is constantly changing; however, there are some general classifications, as described in IEC 62443, of potential threats that an organization should consider:

– Malicious hackers – an individual whose objective is to penetrate the security defences of a third party computer system or network. [ISO/IEC 27002]
– Professional hackers – an organization funded by a government or other organization specifically aimed at penetrating security defences.
– Disgruntled employee – an individual who works for the organization who may be inclined to do harm resulting from their state of mind regarding the organization.
– Well-meaning employee – an individual who works for the organization, who, during the course of their work, circumvents a security countermeasure in order to “get the job done”.
– Third-party contractor – an individual or organization that may have privileged access to the Basic Process Control System (BPCS), Safety Instrumented System (SIS) and/or other control-related systems through an agreement to operate or maintain those systems.
– Automated systems (device-to-device) – automated portions of the BPCS, SIS and/or other control-related systems that have privileged access.

As cyber security is a relatively modern discipline, some organisations currently produce guidance and/or standards, most of which are still to be fully developed. Some of this guidance is for the IT industry, some is specifically for industrial control systems, and some addresses, at least in part, the requirements for safety-related systems. The most recent versions of the functional safety standards for the process industries (IEC 61508 and IEC 61511) have added a mandatory requirement to consider cyber security threats and, if any are identified, to take the necessary steps to protect against them. It should also be considered good practice to apply this mandatory cyber security requirement to functional safety in all other industries, for example machinery (IEC 62061 / ISO 13849).

Saturday 27 January 2018

Safety Instrumented Function (SIF) - Explained

What is a Safety Instrumented Function - SIF?

The term “safety instrumented function” or SIF is becoming common in the world of safety instrumented systems (SISs). It is one of the increasing number of S-words—SIS, SIL, SRS, SLC, etc.—that are coming into our safety system terminology. The definition of a SIF as provided in IEC standard 61511, “Functional safety: Safety Instrumented Systems for the process industry sector,” leaves a bit to be desired as a practical definition, and the application of the term leaves many people confused. IEC standard 61511 defines a safety instrumented function as a “safety function with a specified safety integrity level which is necessary to achieve functional safety. A safety instrumented function can be either a safety instrumented protection function or a safety instrumented control function.” A safety function is further defined in 61511 as a “function to be implemented by a SIS, other technology safety-related system, or external risk reduction facilities, which is intended to achieve or maintain a safe state for the process, with respect to a specific hazardous event.” The standard 61511, however, uses the terms SIS and SIF somewhat interchangeably in places.
