Automation architectures extend beyond the instrumentation and control systems to safety instrumented systems, asset management systems, manufacturing execution systems, and more. All these systems and devices must be considered in managing strong cyber defenses.
In an Industrial Safety and Security Source article, "Considerations in Choosing a Defendable Safety System Architecture," Emerson's Sergio Diaz and Alexandre Peixoto focus on the basic process control system (BPCS) and safety instrumented system (SIS). They compare various architectures from a cybersecurity perspective.
Sergio and Alexandre open by highlighting some of the relevant safety standards.
International Society of Automation (ISA) guidelines require that, among other things, safety-critical assets be logically or physically zoned away from non-safety-critical assets. The guidelines from the User Association of Automation Technology in Process Industries (NAMUR) define three zones that likewise must be logically separated.
They describe the 3 basic types of BPCS/SIS architectures:
…separate (or air-gapped), interfaced, and integrated but separate. Each has degrees of connection and security options.
Separate means the:
…SIS is not connected in any way — physically or over a wireless network — to the BPCS. This architecture offers no automated way for malware or data to move between systems.
In an interfaced architecture:
…information is transmitted between the SIS and the BPCS via standard industrial protocols, such as Modbus TCP, OPC Data Access (OPC DA), or OPC Unified Architecture (OPC UA). Communication between the systems should be restricted to operation only.
For an integrated yet separate architecture, the:
…SIS and the BPCS can share the same engineering tools and operator environment. However, the systems’ safety logic must run on dedicated hardware.
Cybersecurity considerations for each architecture include:
…protecting system entry points, building mitigating layers of defense, and assuring continued security throughout the facility’s lifecycle… [These] help determine the short- and long-term cybersecurity strategy for SIS.
Read the article to see how Sergio and Alexandre identify the strengths and weaknesses in each of these 3 consideration areas for the 3 BPCS/SIS architectures. While it may seem intuitive that a fully air-gapped SIS would be the most secure, this may not be the case.
Visit the Cybersecurity for DeltaV Systems section on Emerson.com for more on the strategy, tools and solutions to maintain robust cyber defenses for your automation architecture. You can also connect and interact with other control, safety & cybersecurity experts in the Control & Safety Systems group in the Emerson Exchange 365 community.