Safety meets security

March 2019 IS & Ex

The importance of the safety technologies installed in machines and systems increases over the lifecycle of an application. However, as the networking of automation systems with the IT world becomes more and more commonplace, scenarios are likely to arise where a different approach is required, especially for safety applications.

Security challenges are growing

As production and IT become inextricably linked within the framework of Industry 4.0, the security challenges are also growing. The network interfaces between office IT systems and production networks represent a significant gateway for hackers. Examples of threats that industrial control systems currently face are:

• Infection with malware via the Internet.

• Introduction of malware via removable media and external hardware.

• Social engineering, i.e. influencing people in order to bring about certain modes of behaviour.

• Human error and sabotage.

• Unauthorised access to the system via remote maintenance solutions.

• Control components coupled to the Internet via the IP protocol.

A study by Kaspersky, conducted in 2017, revealed that nearly one in three cyber-attacks on computers used for industrial control systems was directed against manufacturing companies. Experts fear that the number of malware attacks will increase in 2019, with the focus being on industrial systems. The worlds of safety and security meet when automated solutions implemented for functional safety become the target of hackers. A common strategy must therefore be developed in future. The Triton malware, used in a cyber-attack against a Safety Instrumented System (SIS), is a recent case which demonstrates that this is a far from hypothetical scenario.

Indirect effect on the end product

Functional safety refers to the safety component of a system that relies on the correct function of the safety-related (control) system and other risk-reducing measures. In this case, the controller performs the task of initiating the safe state when a critical error occurs. The requirements for the quality of safety-relevant control components are described in the B-standard EN ISO 13849 and the IEC series 61508/61511/62061. Depending on the degree of risk, corresponding risk-reducing measures are classified into different safety levels – Performance Level (PL) or Safety Integrity Level (SIL).

In contrast to functional safety, security protects assets against damage resulting from intentional or inadvertent attacks on the availability, integrity and confidentiality of their data. This involves the use of preventative or reactive technical and/or organisational measures. If security aspects in the area of safety are disregarded, this can not only have direct effects on production facilities, it can also indirectly affect the production process and therefore the end product. In the context of pharmaceutical products and safety-relevant components for the automotive industry, it is easy to see how the effects on consumers could be significant. IEC 61511-1 therefore requires an IT risk assessment to be carried out for safety equipment in the process industry. If operators of process control engineering (PCE) safety equipment perform the IT risk assessment as specified in the relevant NAMUR NA worksheets and implement the measures identified, it is likely that they will have assessed their PCE safety equipment in accordance with the latest technical standards and will therefore have fulfilled their duty-of-care obligations.

Active search for weak points

When considering functional safety and access security, the potential risk must be evaluated on the basis of a risk assessment or an IT threat analysis. Here, a considerable difference in approach is already evident. While the risks that design engineers need to consider within the scope of the risk assessment in accordance with the Machinery Directive – mechanical or electrical hazards, for example – tend to remain the same, the environment in which IT security experts find themselves is constantly changing. In the latter case, attackers are always actively looking for ways to exploit vulnerabilities, which in the area of functional safety would be classified as systematic errors.

Another important aspect to consider is the human factor: the expression ‘foreseeable misuse’ is used in the field of machine safety, for example, to describe situations where safety equipment – such as a door switch – is tampered with by operating personnel. With large-scale cyber-attacks on industrial systems, on the other hand, it must be assumed that a high degree of criminal intent is involved.

Initial approach in a NAMUR worksheet

To safeguard the product life cycle of safety-oriented systems or components, manufacturers, system integrators and operators are required, within the scope of Functional Safety Management, to adopt an approach to quality management that reflects the requirements of the situation in accordance with IEC 61508. A comparable solution exists in the security world in the form of Information Security Management in accordance with the ISO/IEC 27000 series. Since there is so much common ground, it should now be possible to interlink the two spheres of safety and security activity in practice.

The worksheet published by NAMUR, titled ‘IT risk assessment of PCE safety equipment’, adopts an initial pragmatic approach which leads in this direction. It describes an IT risk assessment method that uses the IEC 62443 security standard as its starting point to provide a basis for increasing the capability of the PCE safety equipment to avert IT threats. To this end, the three steps in phase I were performed once, as an example, for one system that reflects the systems typically found in the NAMUR member companies. This allows the user to gauge the usefulness of the method for the PCE safety equipment to be assessed. The fourth step – monitoring implementation of the measures and documenting the IT security requirements and general conditions – must be carried out individually for every item of PCE safety equipment to be evaluated and constitutes phase II.

No adverse effects on functional integrity

From the hardware and software perspective, the system being examined can be subdivided into three zones:

• The core PCE safety equipment in zone A comprises the PCE safety equipment as defined in IEC 61511-1. This includes the logic system, the input and output modules including remote I/O, and also the actuators and sensors. Connections and, if applicable, network components – for example cables or switches – that are used to interface with devices located in zone A are also allocated to this zone.

• Components that are not necessary for implementation of the safety function but could nonetheless influence the behaviour of the core PCE safety equipment are allocated to the extended PCE safety equipment in zone B. These could be operator/control panels, visualisation stations, the programming unit for the PCE safety equipment, and also devices for sensor/actuator configuration.

• Components and systems that do not belong either directly or indirectly to the PCE safety equipment but could be linked to the safety function belong in the zone referred to as ‘environment’. Examples are reset requests or the visualisation of the status of the safety function.

The common objective of the zones is to ensure that the functional integrity of the safety equipment is not compromised by feedback effects from the environment.
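As an added illustration of the three-zone model above (not code from the NAMUR worksheet or from Phoenix Contact), the following script takes a constructed asset inventory with zone assignments and a list of connections, and reports every link that enters a zone closer to the safety function than the zone it starts in, so that the inward paths from the environment into the core equipment can be listed for the risk assessment. The asset names, links and the severity ranking (number of zone boundaries crossed inward) are assumptions made for this example.

```python
# Added example: zone-boundary inventory check for the NAMUR three-zone model
# (zone A = core PCE safety equipment, zone B = extended PCE safety equipment,
# "environment" = everything else linked to the safety function).
# Asset list, link list and severity ranking are constructed assumptions.
from dataclasses import dataclass

ZONE_RANK = {"A": 0, "B": 1, "environment": 2}  # lower = closer to the safety function

@dataclass(frozen=True)
class Link:
    src: str
    dst: str
    purpose: str

# Constructed inventory: asset name -> zone, following the article's zone definitions.
ASSETS = {
    "safety_logic_solver": "A", "remote_io_1": "A", "safety_switch_1": "A",
    "engineering_station": "B", "operator_panel": "B", "valve_config_tool": "B",
    "scada_status_display": "environment", "office_reset_button": "environment",
}

# Constructed connections between the assets above.
LINKS = [
    Link("engineering_station", "safety_logic_solver", "program download"),
    Link("remote_io_1", "safety_logic_solver", "safety I/O"),
    Link("scada_status_display", "operator_panel", "status visualisation"),
    Link("office_reset_button", "safety_logic_solver", "reset request"),
]

def zone_crossings(assets, links):
    """Return links that enter a zone closer to the safety function than the
    zone they start in, most severe first.
    Each finding is (severity, src_zone, dst_zone, link)."""
    findings = []
    for link in links:
        src_zone, dst_zone = assets[link.src], assets[link.dst]
        steps_inward = ZONE_RANK[src_zone] - ZONE_RANK[dst_zone]
        if steps_inward <= 0:
            continue  # same zone or outward only: no feedback path into the core
        # Assumed severity: number of zone boundaries crossed on the way inward,
        # so a direct environment -> zone A link ranks highest.
        findings.append((steps_inward, src_zone, dst_zone, link))
    findings.sort(key=lambda f: -f[0])
    return findings

if __name__ == "__main__":
    for sev, sz, dz, link in zone_crossings(ASSETS, LINKS):
        print(f"[severity {sev}] {sz} -> {dz}: {link.src} -> {link.dst} ({link.purpose})")
```

Each reported crossing is a candidate entry for the phase II documentation of IT security requirements; links within a zone or pointing outward are not reported.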

Comprehensive training of relevant personnel

Measures must be taken to reduce the effects of compromised PCE safety equipment or to counteract threats. The human factor also plays a significant role in this process. This is highlighted by the fact that the blame for more than 50% of cybersecurity incidents ultimately lies with employees. It is therefore important that there is an IT security officer responsible for the security equipment. In this regard, all persons involved in the specification and design of the safety equipment should be made more aware of the subject of Automation Security, and trained accordingly. Furthermore, it is advisable for the end user to conclude confidentiality agreements with any contractual partners – i.e. manufacturers, suppliers and external operators – to safeguard information and knowledge in relation to the safety system.

Components, software tools and solutions from Phoenix Contact support users by providing them with a flexible and economical combination of safety and security technology to increase their competitive edge in the international market. These are complemented by a comprehensive range of services that provides system planners and operators with a service portfolio tailored to their requirements throughout the entire safety lifecycle.

Cloud-based provision of key safety system data

The Proficloud from Phoenix Contact provides companies with important information on optimising production processes. Safety of machinery also remains a critical issue for plant engineers and machine operators. Although safety applications are in the first instance designed to protect users of the machine, they can also cause unplanned downtimes. The ability to access safety system data via the IIoT in real time and convert this into meaningful information has enormous potential.

With Profinet-based control solutions, status information for standard and safety functions is transmitted continuously to the Proficloud. Adopting a holistic approach to resources and machinery gives operators and designers a whole new range of options for increasing operational performance.

For more information contact Sheree Britz, Phoenix Contact, +27 11 801 8200.
