Functional Safety and Security: ICS Cyber Security Is Part of Functional Safety

Post on 20-Oct-2014

DESCRIPTION

What are the real issues in industrial control system cyber security and what should we be doing about them? Is functional safety really safe unless it is cyber secure? Is physical security as important as cyber security?

TRANSCRIPT

Functional Safety and Security

What Are the Real Issues and What Should We Be Doing About It?

Walt Boyes, Editor in Chief, Control and ControlGlobal.com

ICS Cyber Security Conference 2013

“Careful, we don’t want to learn from this!”

Functional Security, both Cyber and Physical, is a Subset of Functional Safety

Why are Security and Safety so HARD?

Why is Safety so HARD?

Insanity is doing the same thing over and over and expecting different results!

Now, Back to BP…

Former BP CEO Tony Hayward

Clearly, it is not enough to “mean well”…

…and the Olympic Pipeline Disaster…

A cyber incident that cost lives… and destroyed a company

The problem isn’t just safety

SIS Security Alarm Management Operations Training Company Goals

Building SIS in a vacuum

SIS has to be part of an overall proactive safety strategy—one that includes cyber security and training

Building SIS in a vacuum

SIS must also be part of an overall proactive security strategy: Security is a safety issue!

Alarm Management…really

Alarm management: cure or symptom?

Make the operator more effective

Using operators correctly

Optimizing the HMI and using operators correctly are all part of what we’re calling alarm management

Operators are professionals…

Operators need to be in charge of the process

Operators are not clerks or technicians

Functional alarm management

Like safety, alarm management must be a continuous process…

A Fish Stinks from the Head

For security as well as safety, there must be support from highest management levels…

Physical Security

• Perimeter security
• Personnel location

Functional Cyber Security

How do you protect systems that were designed to be inherently open?

Call it “Functional Security” to differentiate its needs…

Training that means something

90 days on nights isn’t enough

Training for the future…how?

…and who?

Why are Safety and Security so HARD?

Security is a Safety issue. If you didn’t believe that, now you do...or maybe not.

And Then There Was Stuxnet…

What we know can be done

Attacks from outside

• Network attacks
• Device attacks
• Physical attacks

Attacks from inside

• Network, device and system

Combined cyber and physical attacks

Is It Flight or Fight?

So, just where does that leave YOU?

Why are Security and Safety so HARD?

Hero or Goat?
