Security concerns for safety systems

September 2019 IS & Ex

As machines become more complex, safety technology is becoming more and more important. However, as networking of automation systems with the IT world is becoming increasingly commonplace, scenarios are likely to arise where a different approach is required, especially for safety applications.

Security challenges are growing

As production and IT become inextricably linked within the framework of Industry 4.0, the security challenges are also growing. The network interfaces between office IT systems and production networks represent a significant gateway for hackers.

Examples of threats that industrial control systems currently face are:

• Infection with malware via the Internet.

• Introduction of malware via removable media and external hardware.

• Social engineering, i.e. influencing people in order to bring about certain modes of behaviour.

• Human error and sabotage.

• Unauthorised access to the system via remote maintenance solutions.

• Control components coupled to the Internet via the IP protocol.

A study by Kaspersky, conducted in 2017, revealed that nearly one in three cyber-attacks on computers used for industrial control systems was directed against manufacturing companies. Experts fear that the number of malware attacks is set to increase in 2019, with the focus being on industrial systems. The worlds of safety and security meet when automated solutions implemented for functional safety become the target of hackers. A common strategy must therefore be developed in future. The ‘Triton’ malware, used in a cyber-attack against a Safety Instrumented System (SIS), is a current case which demonstrates that this is a far from hypothetical scenario.

Indirect effect on the end product

Functional safety refers to the safety component of a system that relies on the correct function of the safety-related (control) system and other risk-reducing measures. In this case, the controller performs the task of initiating the safe state when a critical error occurs. The requirements for the quality of safety-relevant control components are described in the B-standard EN ISO 13849 and the IEC series 61508/61511/62061. Depending on the degree of risk, corresponding risk-reducing measures are classified into different safety levels – Performance Level (PL) or Safety Integrity Level (SIL).

In contrast to functional safety, security protects goods from detrimental impairment as a result of intentional or inadvertent attacks on the availability, integrity and confidentiality of their data. This involves the use of preventative or reactive technical and/or organisational measures. If security aspects in the area of safety are disregarded, this can not only have direct effects on production facilities, it can also indirectly affect the production process and therefore the end product. In the context of pharmaceutical products and safety-relevant components for the automotive industry, it is easy to see how the effects on consumers could be significant. The IEC 61511-1 therefore requires an IT risk assessment to be carried out for safety equipment in the process industry. If operators of process control engineering (PCE) safety equipment perform the IT risk assessment as specified in the attached NAMUR NA worksheets and implement the measures identified, it is likely they will have assessed their PCE safety equipment in accordance with the latest technical standards and will therefore have fulfilled their duty-of-care obligations.

Active search for weak points

When considering functional safety and access security, the potential risk must be considered based on a risk assessment or IT threat analysis. Here, a considerable difference in approaches is already evident. While the risks that design engineers need to consider within the scope of the risk assessment in accordance with the Machinery Directive – mechanical or electrical hazards for example – tend to remain the same, the environment in which IT security experts find themselves is constantly changing. In the latter case, attackers are always actively looking for ways to exploit vulnerabilities, which would be considered systematic errors in the area of functional safety.

Another important aspect to consider is the human factor. The expression “foreseeable misuse” is used in the field of machine safety, for example, to describe situations where safety equipment – such as a door switch – is tampered with by operating personnel. With large-scale cyber-attacks on industrial systems, on the other hand, it must be assumed that a high degree of criminal intent and effort is involved.

Initial approach in a NAMUR worksheet

To safeguard the product life cycle of safety-oriented systems or components, manufacturers, system integrators and operators are required within the scope of Functional Safety Management to adopt an approach to quality management that reflects the requirements of the situation in accordance with IEC 61508. A comparable solution for this exists in the security world in the form of Information Security Management in accordance with ISO 27000. Since there is so much common ground, it should now be possible to interlink the two spheres of safety and security activity in practice.

The worksheet published by NAMUR titled ‘IT risk assessment of PCE safety equipment’ adopts an initial pragmatic approach which leads in this direction. It describes an IT risk assessment method that uses the IEC 62443 security standard as its starting point to provide a basis for increasing the capability of the PCE safety equipment to avert IT threats. To this end, the three steps in phase I were performed once as an example for one system, which reflects the systems typically found in the NAMUR member companies. This allows the user to gauge the usefulness of the method for the PCE safety equipment to be assessed. The fourth step – monitoring implementation of the measures and documenting the IT security requirements and general conditions – must be carried out individually for all items of PCE safety equipment to be evaluated and constitutes phase II.

No adverse effects on functional integrity

From the hardware and software perspective, the system being examined can be subdivided into three zones:

• The core PCE safety equipment in zone A comprises the PCE safety equipment as defined in the IEC 61511-1. This includes the logic system, the input and output modules including remote I/O, and also the actuators and sensors. Connections and, if applicable, available network components – for example cables or switches – that are used to interface with devices located in zone A are also allocated to this zone.

• Components that are not necessary for implementation of the safety function but could nonetheless influence the behaviour of the core PCE safety equipment are allocated to the extended PCE safety equipment in zone B. These could be operator/control panels, visualisation stations, the programming unit for the PCE safety equipment, and also devices for sensor/actuator configuration.

• Components and systems that do not belong either directly or indirectly in the same category as the PCE safety equipment but could be linked to the safety function belong in the zone referred to as ‘environment’. This could be reset requirements or the visualisation of the status of the safety function.

The common objective of the zones is to ensure that the functional integrity of the safety equipment is not compromised by feedback effects from the environment.
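The zone allocation described above, as an added example that is not the article's or NAMUR's own method, applied in Python to a constructed inventory: the rule that connections and network components interfacing with zone A devices belong to zone A is implemented, and every zone B or environment component with a link path into zone A is listed as a candidate feedback effect for the assessment to review. Component names, links and the breadth-first search are assumptions for illustration.

```python
# Added example (not from the article or the NAMUR worksheet): applies the
# three-zone model to a constructed asset inventory and flags every component
# outside zone A that has a link path into the core PCE safety equipment.
from collections import deque

# Constructed inventory: component -> declared zone ("A", "B" or "env").
COMPONENTS = {
    "safety_plc": "A", "remote_io": "A", "esd_valve": "A", "pressure_sensor": "A",
    "eng_station": "B", "hmi_panel": "B",        # zone B: programming unit, HMI
    "dcs_server": "env", "reset_button": "env",  # environment: status view, reset
}
# Constructed undirected links; switch_a is a network component not yet allocated.
LINKS = [
    ("safety_plc", "remote_io"), ("remote_io", "esd_valve"),
    ("remote_io", "pressure_sensor"), ("safety_plc", "switch_a"),
    ("switch_a", "eng_station"), ("switch_a", "hmi_panel"),
    ("hmi_panel", "dcs_server"), ("reset_button", "safety_plc"),
]

def allocate_zones(components, links):
    """Allocation rule: an unallocated connection or network component that
    interfaces with a zone A device is itself placed in zone A."""
    zones = dict(components)
    for a, b in links:
        for node, peer in ((a, b), (b, a)):
            if node not in zones and components.get(peer) == "A":
                zones[node] = "A"
    return zones

def feedback_paths(zones, links):
    """Shortest link path from each zone B / environment component into zone A;
    each hit is a possible feedback effect to review in the IT risk assessment."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    hits = {}
    for start, zone in zones.items():
        if zone == "A":
            continue
        seen, queue = {start}, deque([[start]])
        while queue:  # breadth-first, so the first zone A node reached is the nearest
            path = queue.popleft()
            if zones.get(path[-1]) == "A":
                hits[start] = path
                break
            for nxt in sorted(adj.get(path[-1], ())):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(path + [nxt])
    return hits
```

Running `feedback_paths(allocate_zones(COMPONENTS, LINKS), LINKS)` on the constructed inventory reports the engineering station and HMI via the shared switch, the DCS server via the HMI, and the reset button directly on the safety PLC.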

Comprehensive training of relevant personnel

Measures must be taken to reduce the effects of compromised PCE safety equipment or to counteract threats. The human factor also plays a significant role in this process. This is highlighted by the fact that the blame for more than 50 percent of cybersecurity incidents ultimately lies with employees. It is therefore important that there is an IT security officer responsible for the security equipment. In this regard, all persons involved in the specification and design of the safety equipment should be made more aware of the subject of Automation Security, and trained accordingly. Furthermore, it is advisable for the end user to conclude confidentiality agreements with any contractual partners – i.e. manufacturers, suppliers and external operators – to safeguard information and knowledge in relation to the safety system.

Components, software tools and solutions by Phoenix Contact support users by providing them with a flexible and economic combination of safety and security technology to increase their competitive edge in the international market. This is complemented by a comprehensive range of services that provides system planners and operators with a service portfolio tailored to their requirements throughout the entire safety lifecycle.

Cloud-based provision of key safety system data

The Proficloud from Phoenix Contact provides companies with important information on optimising production processes. Safety of machinery also remains a critical issue for plant engineers and machine operators. Although safety applications are in the first instance designed to protect users of the machine, they can also cause unplanned downtimes. The ability to access safety system data via the IIoT in real time and convert this into meaningful information has enormous potential.

With Profinet-based control solutions, status information for standard and safety functions is transmitted continuously to the Proficloud. Adopting a holistic approach to resources and machinery gives operators and designers a whole new range of options for increasing operational performance.

For more information contact Sheree Britz, Phoenix Contact, +27 11 801 8200.
