Securing and Protecting Process Plants in the Digital Age Functional safety requires IT security
|
|
- Collin Warner
- 6 years ago
- Views:
Transcription
1
2 Securing and Protecting Process Plants in the Digital Age Functional safety requires IT security In 2014, a German steel mill fell victim to a targeted cyberattack. Hackers used spear phishing and social engineering to gain access to the office network and then the production systems. The attack resulted in the failure of control components and subsequently entire systems. A blast furnace was severely damaged. Incidents like this are a wakeup call for plant operators, IT and automation businesses, safety engineers, and many others. They demonstrate the direct link between cybersecurity and the safety of industrial operations. Of course, smaller-scale attacks are much more likely, and they are happening. For example, an attack at one plant was only discovered after the data transmission volume exceeded the company s data plan. If the plant had used simple username/password authentication, it would not have been able to bring the attack under control. However, cyber-related safety vulnerabilities are can lead to more than just criminal activity. During the commissioning of another plant, engineering software encountered errors while recompiling the memory mapped input (MMI) following a plant shutdown. This led to an incorrect modification being automatically loaded into an integrated safety controller and then activated. All three examples demonstrate the need for specific IT security improvements. They also raise three larger questions about the relationship between cybersecurity and plant safety: 1. Can the vulnerability of integrated control systems influence the functional safety of a plant? 2. What do plant operators need to protect? 3. Can the principles developed for functional safety be applied to IT security? White Paper This white paper explores these questions, provides a selection of practical examples, and offers specific recommendations on how to ensure security and safety at industrial facilities.
3 International standards for plant safety and security Readers of this white paper may come from many different backgrounds. Some are IT specialists familiar with the standards that apply to cybersecurity in industrial plants. Some are specialists in plant operations, process engineering, and safety who are familiar with the industry standards that apply to them. Others may be managers who share responsibility for overall plant safety and security. In order to understand the correlation between cybersecurity and functional safety, it is important that everyone is on the same page. The definition of functional safety is a good place to start. IEC is the international standard of rules for functional safety of electrical, electronic, and programmable electronic safety-related systems, published by the International Electrotechnical Commission (IEC). According to this standard, functional safety is part of the overall safety that depends on functional and physical units operating correctly in response to their inputs. For a broader perspective, Wikipedia defines functional safety as the part of the overall safety of a system or piece of equipment that depends on the system or equipment operating correctly in response to its inputs, including the safe management of likely operator errors, hardware failures and environmental changes. By both the narrow and broad definition, the answer to the question Can the vulnerability of integrated control systems influence the functional safety of a plant? has to be yes. In the examples cited above, vulnerabilities were discovered at facilities and functional safety was clearly compromised. The objective of IT security must be to protect operations from any possible negative influences, thereby eliminating, or at least minimizing, potential hazards to people, environment, and assets. Even ruling out malicious threats, the fact remains that cybersecurity vulnerabilities can be found in almost any kind of automation system. This includes both the safety-related system itself and the distributed control system (DCS), of which the safety system may be a part. This is one reason why many safety experts call not only for the physical separation of safety instrumented system (SIS) and DCS components, but also for different engineering staffs and/or vendors to be responsible for each. Let s take a look at two other standards. Firstly, there is international standard IEC for the SIS. Whether independent or integrated into an overall basic process control system (BPCS), the SIS is a fundamental component of every industrial process facility. Figure 1 shows what IEC looks like in practice: - 3 -
4 Figure 1 In this model, the industrial process is surrounded by production layers. These collectively reduce the risk to an acceptable level. Risk and hazard analyses are carried out as part of the basic design process of every plant, and they determine the required risk reduction factor for each production layer. The risk reduction factor is set by the safety integrity level (SIL). The first line of protection for any plant is the control and monitoring layer, which includes the BPCS. The BPCS reduces the risk of the occurrence of an unwanted event. The risk reduction factor of a BPCS must be higher than 1 and lower than 10. The reason for this is that the BPCS does not usually have an SIL, as SIL 1 requires a risk reduction factor of at least 10. But, at the same time, it still has an influence (no influence would equate to a risk reduction factor of 1). Next, there is the prevention layer, which includes the SIS. The hardware and software at this level perform individual safety instrumented functions (SIFs). To reduce the overall risk to an acceptable level, the majority of critical industrial processes require an SIS that fulfils the requirements of SIL 3. This equates to a risk reduction factor of at least 1,000. Then, at the mitigation layer, technical systems are required to reduce damages should the lower protection layers fail. Mitigation systems are not usually part of the safety system as they are only activated after the occurrence of an event that should have been prevented. Mechanical equipment or structural features, such as retention basins, are often used in mitigation systems. Some of these also include automatic fire suppression systems. In cases where the mitigation system plays a part in defining additional safety measures, it may be covered by the safety evaluation as well. Take, for example, a fire suppression - 4 -
5 system at a tank farm. If the distance between the tanks is decreased as a result of the existence of the system, then the system may be regarded as safety relevant. Now let s consider the IEC standard for cybersecurity. IEC 62443, which is currently in draft form, covers the necessary security techniques to prevent cyberattacks on facility networks and systems (see figure 2). Figure 2 IEC requires the separation of the overall system. It introduces the concept of security zones, defined conduits, and additional firewalls at every conduit that connects one security zone to the next. The firewalls have different technical requirements depending on the security level necessary in each zone. IEC contains seven foundational requirements that consider the various security objectives, such as protecting a system against unauthorized access. This structure creates a tiered system of different defense mechanisms (also known as defense in depth). -5-
6 Standards and structures require protection So what do plant managers need to protect? According to the most recent version of IEC 61511, the answer is that both organizational demands and physical structures need to be given equal consideration. With regard to the organization, the standard calls for the following: Carry out a security risk assessment of the SIS Make the SIS sufficiently resilient against the identified security risks Safeguard the performance of the SIS, error detection and correction, protection against unwanted program alterations, protection of data for troubleshooting the SIF, and protection against bypassing restrictions to prevent the deactivation of alarms and manual shutdown Enable/disable read/write access via a sufficiently secure method Regarding the structure, IEC requires plant operators to conduct an assessment of their SIS. They should: Ensure independence between protection layers Establish diversity between protection layers Physically separate protection layers Identify and avoid common-cause failures between protection layers Another IEC requirement has particular bearing on the correlation between cybersecurity and plant safety: Wherever feasible, the SIF should be physically separated from non-safety-related functions. Independent protection layers are key Can the principles developed for functional safety be applied to IT security? The IEC (safety) and IEC (cybersecurity) standards both demand independent protection layers. Both standards stipulate: Independence of control and safety Measures to reduce systematic errors Separation of technical and management responsibilities Reduction of common-cause failures The standards also state that the entire system is only as strong as its weakest link. When using integrated safety systems (where the safety system and standard automation system are on the same platform), all hardware and software that could impair the safety function should be treated as part of the safety function. This means that the standard automation system must be subjected to the same management process as the safety system
7 It is important to highlight what this integration means. Namely, the BPCS is subjected to the same requirements that apply to functional safety; however, the safety system s requirements cannot be reduced. Safety standards in practice Figure 3 Consider the configuration in figure 3, which describes complex process applications (note: for simplicity, the architecture depicted is not in line with ISA 95). The structure shows different layers of components with functions of varying criticality. On level 1 we see field devices such as sensors and actuators which, depending on the nature of the individual device, may have their own IT relevance. The infrastructure of level 1 can be based on a wired connection, but may also use functions such as wireless HART data transmission or cable-based fieldbus installations. On level 2 we see the components processing the data captured by the sensors and required by the actuators. At both levels, real-time data transmission and processing are key. For that reason, software-based malware protection, such as virus scanners, is not deemed suitable. However, the absence of such features means that alternative measures are required. These include limiting communication accessibility (deactivating communication ports) and logical segregation of subunits. These measures must be maintained within all applications throughout the entire lifecycle of the plant. In the SIL 3 SIS shown, the entire SIS, including the engineering workstation, is segregated from the rest of the DCS. If this segregation is removed, for example as a result of a common engineering workstation being used, the following consequences need to be taken into account: - 7 -
8 According to IEC 61511, the DCS engineering workstation (EWS) needs to be part of the SIS. The entire change management process used for this device must be adapted to meet safety requirements. The interface between the SIS and DCS, which was write-only (from the SIS perspective) in the original concept, will need to have write/read functionality. This will increase the risk of unwanted modifications. To meet requirements for sufficient independence of the SIS, a mechanism is required to prevent unwanted modifications in a way that cannot be circumvented by the engineering workstation (see figure 4). Figure 4 If there is direct remote access to the SIS, the remote access device needs to be part of the SIS (cf. IEC 61511) provided there are no measures to prevent unauthorized access via the connection. This demand may be reduced by additional measures, such as switching off remote access when not in use. This requires a device that is not controlled by software and blocks functional modifications of the SIS, such as a key switch connected to a physical input of the SIS. Note: In this example, switching off means de-powering the connecting device
9 Safety-related evaluation when consolidating protection layers When consolidating protection layers, safety-related aspects also need to be considered. IEC requires different, independent layers of protection. If two protection layers are merged, plant operators need to re-evaluate the risk reduction. They need to prove that they have achieved the same overall risk reduction that would be provided by two separate protection layers. A risk analysis will typically identify the required risk reduction. However, this does not take into consideration which technical solution is used to implement the SIS. In most cases, the technical platform has yet to be selected at this phase of the project. Consider an example: A process is automated by a basic control system, and the risk analysis identifies that an SIL-3-compliant SIS is required to reduce risk (a risk reduction factor of 1,000). When using a solution equipped with two independent, air-gapped systems for automation, monitoring, and protection, the SIS will achieve a risk reduction of 1,000 (SIL 3) and the BPCS will achieve a risk reduction between 1 and 10. Overall, this solution would achieve a risk reduction factor between 1,000 and 10,000. In this case, if the application is realized with one integrated solution covering both safety and operational control, it needs to realize the same risk reduction factor that a solution with a separate safety system would achieve. Figure 5-9 -
10 Note that IEC sets requirements for both the mean time between failures for random (hardware) errors and the coverage of systematic errors, such as design and software errors. During this process, structures as defined in IEC can be used a starting point to define the risk reduction required from the SIS. For an overall system with an SIL-3-rated SIS, the total combined risk reduction of the BPCS and SIS can be calculated using this formula: Where R R = risk reduction R R = (> 1 > 10) 1,000 => 1,000 < 10,000 When implementing such an application with a homogenous, integrated solution, it is necessary to achieve the same risk reduction as a separated (air-gapped) solution. The common components of the integrated solution need to achieve a risk reduction factor between 1,000 and 10,000. This equates to SIL 4. Consequences of an integrated BPCS and SIS In the integrated solution, there are common components for the BPCS and SIS. Depending on the setup, this will be either the CPU, I/O busses, software such as the operating system (or parts of it), and symbol libraries. One may argue that different components of the same make may be used for the SIS and BPCS. However, if common elements such as operating systems or bus protocols are used, the systematic capabilities of such components need to comply with the requirements mentioned above. In practice, this means that SIL 4 requirements would need to be fulfilled. With current technology, this standard is unachievable for integrated systems
11 Simplify patch management with proprietary systems Plant managers are implementing more and more complex functions on automation platforms. Commercial off-the-shelf (COTS) operating systems for automation platforms deliver a wide range of features. However, these are often neither needed nor wanted on the automation platform, as they increase the complexity of the respective application. They require frequent updates and patches to eliminate potential vulnerabilities. After every update of an SIS, there needs to be a check to prove that it is functioning properly. This usually requires testing that is comparable with the effort of commissioning a plant. Therefore, the SIS should be designed in a way that minimizes the required updates and patches. HIMA does not use COTS-based operating systems. The runtime applications of HIMA automation products are operated by systems developed by HIMA exclusively for HIMA products. These operating systems support all the features required to run an SIS and no other functions. This clear focus makes HIMA products more robust and reduces IT security vulnerabilities and the need for patches. Recommendations for cybersecurity and safety Cybersecurity and plant safety are inextricably linked. The recommended international standards for functional safety for PLCs (IEC 61508), safety instrumented systems (IEC 61511), and cybersecurity (IEC 62443) pave the way to a safe, secure facility. The goal is to achieve robust plan safety and reduce security risks. Therefore, it is recommended to take the approach of standalone SIS and BPCS units, preferably from different vendors, rather than and integrated system from one vendor. For security and safety reasons, it is advisable for companies to consider an independent safety system built on a proprietary operating system. Of course, such a system can and should be fully compatible with DCS products. Additionally, it should feature easy-to-use engineering tools with integrated configuration, programming, and diagnostic capabilities. By following these recommendations and adhering to international standards, plant operators meet their obligations to protect people, communities, and the environment while ensuring their own financial security. The good news is that the hardware, software, and expertise to do this are available today
12 About the author Peter Sieber is Vice President of Global Sales & Regional Development at HIMA. Having worked in factory and process automation since 1985, he is now a member of steering committees dedicated to functional safety (IEC 61508) and IT security (IEC 62443). Mr. Sieber is actively involved in the process of defining functional safety and IT security guidelines for process automation applications
13 HIMA press contacts Headquarters: HIMA Paul Hildebrandt GmbH Daniel Plaga Albert-Bassermann-Str Brühl, Germany Tel.: Fax: The Americas: HIMA Americas Inc. Nicole Pringal Sr. Marketing and Public Relations Manager 5353 W Sam Houston Parkway N., Suite 130 Houston, Texas 77041, USA Phone I Cell Fax npringal@hima-americas.com
White Paper. Integrated Safety for a Single BMS Evaluation Based on Siemens Simatic PCS7 System
White Paper Project: Integrated Safety for a Single BMS Evaluation Based on Siemens Simatic PCS7 System Version 1, Revision 2, August 4, 2016 Jim Jenkins, William Goble The document was prepared using
More informationImplementing Safety Instrumented Burner Management Systems: Challenges and Opportunities
Implementing Safety Instrumented Burner Management Systems: Challenges and Opportunities Mike Scott, PE, CFSE Standards Certification Education & Training Publishing Conferences & Exhibits Presenter Mike
More informationIntegrating Control and Safety: Where to draw the line.
Integrating Control and Safety: Where to draw the line. Robin McCrea-Steele, TÜV FSExpert Invensys-Premier Consulting Services New digital technology now makes it feasible to integrate process control
More informationIs your current safety system compliant to today's safety standard?
Is your current safety system compliant to today's safety standard? Abstract It is estimated that about 66% of the Programmable Electronic Systems (PES) running in the process industry were installed before
More informationIEC61511 Standard Overview
IEC61511 Standard Overview Andre Kneisel Instrumentation Engineer Chevron C.T. Refinery SAFA Symposium 2011 August 5 th, 2011 Presentation Overview Provide some understanding of the key aspects of Functional
More informationAVOID CATASTROPHIC SITUATIONS: EXPERT FIRE AND GAS CONSULTANCY OPTIMIZES SAFETY
AVOID CATASTROPHIC SITUATIONS: EXPERT FIRE AND GAS CONSULTANCY OPTIMIZES SAFETY World-class services help reduce incidents, protect the environment, and keep people and plants safe White Paper PAGE 1 Introduction
More informationProcess Safety - Market Requirements. V.P.Raman Mott MacDonald Pvt. Ltd.
Process Safety - Market Requirements V.P.Raman Mott MacDonald Pvt. Ltd. Objective of Process Safety Protect personnel Protect the environment Protect the plant equipment / production. Multiple Layers
More informationAVOID CATASTROPHIC SITUATIONS: EXPERT FIRE AND GAS CONSULTANCY OPTIMIZES SAFETY
AVOID CATASTROPHIC SITUATIONS: EXPERT FIRE AND GAS CONSULTANCY OPTIMIZES SAFETY World-class services help reduce incidents, protect the environment, and keep people and plants safe White Paper PAGE 1 Introduction
More informationIntegrated but separate
End users of older automation systems essentially had to invest in two separate systems: a basic process control system and a separate safety instrumented system. Nowadays, suppliers differ in their opinions
More informationOptions for Developing a Compliant PLC-based BMS
Options for Developing a Compliant PLC-based BMS Jack Boone aesolutions Greenville, South Carolina, United States of America ABSTRACT Facilities are focusing on improving the reliability of their burner
More informationFUNCTIONAL SAFETY IN FIRE PROTECTION SYSTEM E-BOOK
FUNCTIONAL SAFETY IN FIRE PROTECTION SYSTEM E-BOOK USEFUL TERMINOLOGY BASIC PROCESS CONTROL SYSTEM (BPCS) System which responds to input signals from the process, its associated equipment, other programmable
More informationTECHNICAL SPECIFICATION
TECHNICAL SPECIFICATION IEC/TS 62443-1-1 Edition 1.0 2009-07 colour inside Industrial communication networks Network and system security Part 1-1: Terminology, concepts and models INTERNATIONAL ELECTROTECHNICAL
More informationNew Developments in the IEC61511 Edition 2
New Developments in the IEC61511 Edition 2 Presented by Dr Issam Mukhtar PhD(Eng.) TÜV FS Expert (IDNo.:117/06) 6 th May 2013 2010 Invensys. All Rights Reserved. The names, logos, and taglines identifying
More informationADIPEC 2013 Technical Conference Manuscript
ADIPEC 2013 Technical Conference Manuscript Name: Heidi Fuglum Company: ABB AS Job title: Deployment Manager Address: Ole Deviksvei, Oslo, Norway Phone number: +47 91 36 98 70 Email: Heidi.Fuglum@no.abb.com
More informationAddressing Challenges in HIPPS Design and Implementation
Addressing Challenges in HIPPS Design and Implementation Valve Manufacturer s Association Afton Coleman, CFSP March 11, 2016 Agenda SIS and SIL basics HIPPS Purpose Increased demand for HIPPS, why? The
More informationPractical Methods for Process Safety Management
Practical Methods for Process Safety Management Putting Process Safety Management At The Heart Of Our Lives Canadian Chemical Engineering Conference 2006 October 18, 2006 CSChE Conference 2006 Quote Concern
More informationSafety and Security: Can they live together?
Safety and Security: Can they live together? Marcel Castro (Ph.D.) Technical Safety & Reliability Engineer IEC Young Professional 2014 Agenda Background Safety Standards Security Standards Aligning Safety
More informationSafety Instrumented Fire & Gas Systems
Safety Instrumented Fire & Gas Systems aesolutions Provides Full-Service Fire & Gas Engineering and Products The aesolutions FM-approved family of Fire & Gas safety systems ensures compliance with the
More informationTechnical Paper. Functional Safety Update IEC Edition 2 Standards Update
Technical Paper Functional Safety Update IEC 61511 Edition 2 Standards Update Functional Safety Update Table of Contents 1.0 Introduction 2.0 IEC 61511-1 changes 3.0 IEC 61511-2 changes 4.0 IEC 61511-3
More informationSafety Instrumented Systems The Smart Approach
Safety Instrumented Systems The Smart Approach The Emerson Approach to Safety More than ever, running your plant productively and safely requires the right technologies and experience. With increasingly
More informationSAFETY MANAGER SC Ensure safety, simplify operations and reduce lifecycle costs
SAFETY MANAGER SC Ensure safety, simplify operations and reduce lifecycle costs Meet Today s Cost and Complexity Challenges Industrial process plants are trying to reduce their process control and safety
More information67 th Canadian Chemical Engineering Conference EDMONTON, AB OCTOBER 22-25, 2017
Canadian Society for Chemical Engineering (CSChE) 67 th Canadian Chemical Engineering Conference EDMONTON, AB OCTOBER 22-25, 2017 MONDAY, 23 OCTOBER, 2017 Guillermo Pacanins, P. Eng., FS Senior Expert
More informationInstrumentationTools.com
Author: Instrumentation Tools Categories: Safety Systems S84 / IEC 61511 Standard for Safety Instrumented Systems IEC 61511 is a technical standard which sets out practices in the engineering of systems
More informationPRIMATECH WHITE PAPER CHANGES IN THE SECOND EDITION OF IEC 61511: A PROCESS SAFETY PERSPECTIVE
PRIMATECH WHITE PAPER CHANGES IN THE SECOND EDITION OF IEC 61511: A PROCESS SAFETY PERSPECTIVE Summary From the perspective of process safety, the most notable change is the addition of requirements for
More informationUSER APPROVAL OF SAFETY INSTRUMENTED SYSTEM DEVICES
USER APPROVAL OF SAFETY INSTRUMENTED SYSTEM DEVICES Angela E. Summers, Ph.D., P.E, President Susan Wiley, Senior Consultant SIS-TECH Solutions, LP Process Plant Safety Symposium, 2006 Spring National Meeting,
More informationFunctional Safety: the Next Edition of IEC 61511
HazAus2015/1507 Functional Safety: the Next Edition of IEC 61511 Mirek Generowicz Engineering Manager I&E Systems Pty Ltd Level 2, 445 Hay Street Perth WA 6000 Abstract The functional safety standard IEC
More informationSafety lnstrumentation Simplified
A United Electric Controls White Paper Safety lnstrumentation Simplified by: Wil Chin, Vice President of Marketing and Business Development at United Electric Controls Rick Frauton, Senior Product Marketing
More informationProtect your people, assets and environment while ensuring operational performance.
Fire and Gas Solutions Protect your people, assets and environment while ensuring operational performance. Honeywell Capabilities Gas Detectors Flame Detectors Fire Detectors Fire Alarm Panels Fire Suppression
More informationFire and Gas Detection and Mitigation Systems
Fire and Gas Detection and Mitigation Systems Dr. Lawrence Beckman, PE, TÜV FSExp SafePlex Systems, Inc., Houston, Texas ABSTRACT Fire and Gas Detection systems are key components in the overall safety
More informationMartin Huber 26September 2017 F&G SOLUTIONS FOR THE PROCESS INDUSTRY
Martin Huber 26September 2017 F&G SOLUTIONS FOR THE PROCESS INDUSTRY Agenda 1 Challenges in the Process Industry International codes and standards F&G in an industrial Facility Honeywell s industrial F&G
More informationFully configurable SIL2 addressable Fire & Gas Detection solutions
Fully configurable SIL2 addressable Fire & Gas Detection solutions Tyco are able to provide multiple configurations where the solution and devices are certified to meet the Functional Safety requirements
More informationexcellence in Dependable Automation ALARM MANAGEMENT
excellence in Dependable Automation ALARM MANAGEMENT www.exida.com Improve the performance of your operators through effective Alarm Management. Typical alarm management issues that hamper operator performance
More informationSafety Transmitter / Logic Solver Hybrids. Standards Certification Education & Training Publishing Conferences & Exhibits
Safety Transmitter / Logic Solver Hybrids Standards Certification Education & Training Publishing Conferences & Exhibits Traditional Pressure Sensor Portfolio Trip Alarm or Trip Module Process Transmitter
More informationSession Ten: The importance of a clear Safety Requirements Specification as part of the overall Safety Lifecycle
Session Ten: The importance of a clear Safety Requirements Specification as part of the overall Safety Lifecycle Abstract Andy Crosland SIS Business Development Manager, Europe Emerson Process Management
More informationWhy AC800M High Integrity is used in Burner Management System Applications?
Why AC800M High Integrity is used in Burner Management System Applications? Prepared by: Luis Duran Product Marketing Manager Safety Systems ABB Process Automation/Control Technologies TÜV Functional Safety
More informationINTERNATIONAL STANDARD
INTERNATIONAL STANDARD IEC 61511-2 First edition 2003-07 Functional safety Safety instrumented systems for the process industry sector Part 2: Guidelines for the application of IEC 61511-1 Reference number
More informationUser s Manual. YTA110, YTA310, YTA320, and YTA710 Temperature Transmitters. Manual Change No
User s Manual YTA110, YTA310, YTA320, and YTA710 Temperature Transmitters Manual Change No. 16-045 Please use this manual change for the manuals listed below. 1. Applicable manuals, revised item, revised
More informationoperational excellence Solutions for
PROCESS AUTOMATION operational excellence Solutions for HONEYWELL control SYSteMS Solutions for HoneYwell control SYStems Trusted Interface Technology Pepperl+Fuchs isolated barriers guarantee safe, reliable
More information2013 Honeywell Users EMEA Nice. Johan School. Concepts and Implementation of Process Risk Management using Safety Manager
2013 Honeywell Users EMEA Nice Johan School Concepts and Implementation of Process Risk Management using Safety Manager 1 Agenda Introduction What about safety Safety Instrumented Systems Industry Standards
More informationAustralian Standard. Functional safety Safety instrumented systems for the process industry sector
AS IEC 61511.2 2004 IEC 61511-2:2003 AS IEC 61511.2 Australian Standard Functional safety Safety instrumented systems for the process industry sector Part 2: Guidelines for the application of AS IEC 61511.1
More information2015 Honeywell Users Group Europe, Middle East and Africa
2015 Honeywell Users Group Europe, Middle East and Africa Safety System Lifecycle Support and Honeywell s capabilities in Industrial Fire & Gas Johan School, Honeywell (Product Manager Safety Systems)
More informationThe Amazing Secret World of ISA Standards
The Amazing Secret World of ISA Standards Standards Certification Education & Training Publishing Nicholas Sands, CAP, PE Past ISA VP of Standards and Practices Conferences & Exhibits About the Presenter:
More informationSiemens Process Automation End-user Summit- 2011
Siemens Process Automation End-user Summit- 2011 Experience. Technology. Community SIMATIC PCS 7 Process Safety Jean-Luc Gummersbach I IA AS PA PRM1 Global market trend in Process Safety Process Safety
More informationSafety Instrumented Systems
Safety Instrumented Systems What is a Safety Instrumented System? A Safety Instrumented System SIS is a new term used in standards like IEC 61511 or IEC 61508 for what used to be called Emergency Shutdown
More informationSession Four Functional safety: the next edition of IEC Mirek Generowicz Engineering Manager, I&E Systems Pty Ltd
Abstract Session Four Functional safety: the next edition of IEC 61511 Mirek Generowicz Engineering Manager, I&E Systems Pty Ltd The functional safety standard IEC 61511 provides a framework for managing
More informationSafety in the process industry
Products Solutions Services Safety in the process industry Simply reliable Table of contents Endress+Hauser: At home in the process safety Smart devices and concepts for hazardous areas Introduction to
More informationSITRANS. Temperature transmitter Functional safety for SITRANS TW. Introduction. General safety instructions 2. Device-specific safety instructions
Introduction 1 General safety instructions 2 SITRANS Temperature transmitter Device-specific safety instructions 3 Appendix List of Abbreviations/Acronyms A B Product Information Supplement to Operating
More informationDeltaV SIS TM. for Process Safety Systems Smart Safety Loops. Reliable Process.
DeltaV SIS TM for Process Safety Systems Smart Safety Loops. Reliable Process. The DeltaV SIS TM system helps you reliably protect your assets and improve your plant performance. Increased safety integrity
More informationDynAMo Alarm & Operations Management
Connected Plant DynAMo Alarm & Operations Management Solution Note Delivering operations integrity through better plant safety, availability and compliance across your entire enterprise Honeywell s DynAMo
More informationSafety Instrumented Systems Overview and Awareness. Workbook and Study Guide
Safety Instrumented Systems Overview and Awareness Workbook and Study Guide V 1.0 Preface Copyright Notice and Disclaimer Copyright 2017, Kenexis Consulting Corporation All Rights Reserved 3366 Riverside
More informationNew requirements for IEC best practice compliance
New requirements for IEC 61511 best practice compliance Proof testing and a SIL study may no longer be enough by Sven Grone Schneider Electric Safety Services Practice Leader Executive summary Since its
More informationexplosion protection automation global partner of the process industry
explosion protection automation global partner of the process industry 2 »Creating innovative solutions and sustaining customer focus is fundamental to our business and the success of our customers achieving
More informationApplying Buncefield Recommendations and IEC61508 and IEC Standards to Fuel Storage Sites
Applying Buncefield Recommendations and IEC61508 and IEC 61511 Standards to Fuel Storage Sites John Joosten Global Product Manager Radar and Safety John.Joosten@Honeywell.com Applying Buncefield Recommendations
More informationSAFETY ON A BROADER SCALE Safety and security for people, processes, plants, communities and environment
Phil Jarrell, Director Integrated Protective Solutions June, 2016 SAFETY ON A BROADER SCALE Safety and security for people, processes, plants, communities and environment 1 INTEGRATED PROTECTIVE SOLUTIONS
More informationMeasurement of Safety Integrity of E/E/PES according to IEC61508
Measurement of Safety Integrity of E/E/PES according to IEC61508 Mr. Chen Zhenkang TUV Rheinland Singapore 18. May. 2018 Singapore World Metrology Day 2018 1 Agenda 1. TÜV Rheinland: a Certification Body
More informationIEC PRODUCT APPROVALS VEERING OFF COURSE
IEC 61508 PRODUCT APPROVALS VEERING OFF COURSE Angela E. Summers, P.E., PhD, President, SIS-TECH Solutions, LP Published on-line: IEC 61508 Product Approvals Veering off Course, ControlGlobal.com, July
More informationSimply reliable: Process safety from Endress+Hauser
Products Solutions Services Simply reliable: Process safety from Endress+Hauser Safety by choice, not by chance: Functional Safety Slide 1 Oil & Gas industry Hai-Thuy Industry Manager Oil & Gas Slide 2
More informationIntroduction. Additional information. Additional instructions for IEC compliant devices. Measurement made easy
ABB MEASUREMENT & ANALYTICS SIL-SAFETY MANUAL TTH300, TTF300 Temperature transmitter Additional instructions for IEC 61508 compliant devices Measurement made easy TTH300 TTF300 Introduction TTH300, TTF300
More informationSafety Integrity Verification and Validation of a High Integrity Pressure Protection System to IEC 61511
TÜV Rheinland International Symposium in China Functional Safety in Industrial Applications October 18 19, 2011 in Shanghai China Safety Integrity Verification and Validation of a High Integrity Pressure
More informationProtect your investment with Safety Manager
Honeywell.com 2014 Honeywell Users Group Americas Protect your investment with Safety Manager Erik de Groot 1 Document control number Honeywell Proprietary Need for Safety Honeywell Proprietary Honeywell.com
More information, CFSE, Senior Manager, ABB Taiwan;, 2011/9/2. Functional Safety. ABB Group September 5, 2011 Slide 1
, CFSE, Senior Manager, ABB Taiwan;, 2011/9/2 Functional Safety September 5, 2011 Slide 1 (Ken Meng) Computer Engineering /DCS/ 8 2 ABB Ltd DCS 12 ( 3 9 ) CFSE (Certified Functional Safety Expert) E-mail:
More informationBRIDGING THE SAFE AUTOMATION GAP PART 1
BRIDGING THE SAFE AUTOMATION GAP PART 1 Angela E. Summers, Ph.D., P.E, President, SIS-TECH Solutions, LP Bridging the Safe Automation Gap Part 1, Mary Kay O Conner Process Safety Center, Texas A&M University,
More informationFINAL DRAFT INTERNATIONAL STANDARD
IEC 62443-4-1 Edition 1.0 2017-11 FINAL DRAFT INTERNATIONAL STANDARD colour inside Security for industrial automation and control systems Part 4-1: Secure product development lifecycle requirements INTERNATIONAL
More informationAssessment of the Safety Integrity of Electrical Protection Systems in the Petrochemical Industry
Assessment of the Safety Integrity of Electrical Protection Systems in the Petrochemical Industry 1. Introduction Author: Colin Easton ProSalus Limited ~ Independent Safety Consultants Within the United
More informationFUNCTIONAL SAFETY: A PRACTICAL APPROACH FOR END-USERS AND SYSTEM INTEGRATORS
FUNCTIONAL SAFETY: A PRACTICAL APPROACH FOR END-USERS AND SYSTEM INTEGRATORS TINO VANDE CAPELLE 1, Dr. MICHEL HOUTERMANS 2, 3 1- HIMA Paul Hildebrandt GmbH + Co KG, Brühl, GERMANY 2 Risknowlogy, Brunssum,
More informationChanges in IEC Ed 2
1 Introduction As known IEC 61511 is the applicable standard for functional safety in the process industry. Defining the requirements for the specification, design, installation, operation and maintenance
More informationPepperl+Fuchs GmbH Lilienthalstrasse Mannheim Germany
PR-2010-1124PA-eng-Fieldbus planning Pepperl+Fuchs GmbH Lilienthalstrasse 200 68307 Mannheim Germany Please indicate the following contact information for publication: Tel.: +49 621 776-2222, Fax: +49
More informationOPTIMIZING YOUR TECHNOLOGY INVESTMENT WITH SERVICE AND SUPPORT
I Connected IndustriaI OPTIMIZING YOUR TECHNOLOGY INVESTMENT WITH SERVICE AND SUPPORT Total Care Field Services Maximize the Return on Your Technology Count on Honeywell Total Care Field Services to help
More informationexcellence in Dependable Automation
excellence in Dependable Automation We help our clients improve the safety, security, and availability of their automation systems. contents About Us 4 What We Do 6 Certification Program 8 Services Available
More informationSustain.Ability. Alarm Management: Be Pro-active, not Re-active Honeywell Users Group Europe, Middle East and Africa. Tyron Vardy, Honeywell
Sustain.Ability. 2012 Honeywell Users Group EMEA 2014 Honeywell Users Group Europe, Middle East and Africa Alarm Management: Be Pro-active, not Re-active Tyron Vardy, Honeywell Agenda Introduction Defining
More informationFunctional safety. Essential to overall safety
Functional safety Essential to overall safety What is Functional safety? In public spaces, factories, offices or homes; we are surrounded by an increasing number of electric and electronic devices and
More informationProcess Safety Workshop. Avoiding Major Accident Hazards the Key to Profitable Operations
CC & technical support services www.silsupport.com Process Safety Workshop Avoiding Major Accident Hazards the Key to Profitable Operations A two (2) day workshop with many practical methods, case studies
More informationARC BRIEF. MTL: Expanding Opportunities with a Focus on Fundamentals. Keywords. Summary. Analysis THOUGHT LEADERS FOR MANUFACTURING & SUPPLY CHAIN
ARC BRIEF OCTOBER 7, 2008 MTL: Expanding Opportunities with a Focus on Fundamentals By Larry O'Brien Keywords MTL, Cooper Crouse-Hinds, Elpro, Tofino, Intrinsically Safe Ethernet, Redundant FISCO, Wireless
More informationProtect your Investment with Safety Manager R160 and Integrated Fire and Solutions
Honeywell.com 2014 Honeywell Users Group Europe, Middle East and Africa Protect your Investment with Safety Manager R160 and Integrated Fire and Solutions 1 Erik de Groot, Honeywell Document control number
More informationSIL DETERMINATION AND PROBLEMS WITH THE APPLICATION OF LOPA
SIL DETERMINATION AND PROBLEMS WITH THE APPLICATION OF LOPA Alan G King Hazard & Reliability Specialist, ABB Engineering Services, Billingham, Cleveland UK. TS23 4YS For a number of years, industry has
More informationMNEC NFPA 72 WHITE PAPER
MNEC NFPA 72 WHITE PAPER In 2010, the National Fire Protection Assocation (NFPA), significantly changed their code # 72 (National Fire Alarm Code) and has forever improved the importance of communicating
More informationThe agri-motive safety performance integrity level Or how do you call it?
TÜV Rheinland InterTraffic GmbH Safety in Transportation 4 The agri-motive safety performance integrity level Or how do you call it? Dipl.-Ing. Sebastian Gräfling, TÜV Rheinland InterTraffic GmbH Contents
More informationPROCESS AUTOMATION TIME TO RELAX ADVANCED DIAGNOSTICS EXPERT SYSTEM AT WORK
PROCESS AUTOMATION TIME TO RELAX ADVANCED DIAGNOSTICS EXPERT SYSTEM AT WORK FIELDCONNEX ADVANCED DIAGNOSTIC SOLUTIONS Expert System Makes Your Life Easy A robust FOUNDATION Fieldbus H1 and PROFIBUS PA
More information100 & 120 Series Pressure and Temperature Switches Safety Manual
100 & 120 Series Pressure and Temperature Switches Safety Manual MECH-SM-01 1 INTRODUCTION This Safety Manual provides information necessary to design, install, verify and maintain a Safety Instrumented
More informationPractical Distributed Control Systems (DCS) for Engineers & Technicians. Contents
Practical Distributed Control Systems (DCS) for Engineers & Technicians Contents Chapter 1 Introduction to Computer Based Control Systems 1 1.1 Introduction to computer based measurement and control systems
More informationThis document is a preview generated by EVS
IEC 61511-1 Edition 2.0 2016-02 REDLINE VERSION colour inside Functional safety Safety instrumented systems for the process industry sector Part 1: Framework, definitions, system, hardware and software
More informationFailure Modes, Effects and Diagnostic Analysis
Failure Modes, Effects and Diagnostic Analysis Project: Detcon FP-700 Combustible Gas Sensor Customer: Detcon The Woodlands, TX USA Contract No.: DC 06/08-04 Report No.: DC 06/08-04 R001 Version V1, Revision
More informationHow many wireless networks does it take to optimize your plant?
How many wireless networks does it take to optimize your plant? One. Honeywell s OneWireless solutions provide the freedom and flexibility to creatively solve difficult challenges while cost effectively
More informationAPPLICATION STORY. Nuclear scientists choose PSS programmable safety system
19 December 2006 APPLICATION STORY Nuclear scientists choose PSS programmable safety system A new Australian Nuclear Science and Technology Organisation (ANSTO) experimental facility uses five Pilz PSS
More informationFunctional Safety: What It Is, Why It s Important And How to Comply
Functional Safety: What It Is, Why It s Important And How to Comply November 11, 2010 Copyright 1995-2010 Underwriters Laboratories Inc. All rights reserved. No portion of this material may be reprinted
More informationProcess Solutions. Solution Note. HC900 and OneWireless. Background. Applications. Key issues. Tanks in explosion-proof areas.
Process Solutions Solution Note HC900 and OneWireless Background A reliable, cost-efficient way to transmit data from field instruments to the control room is essential in a variety of industries across
More information2015 Functional Safety Training & Workshops
HAZAN RISK SIS SIF - IEC 61508/61511 - SIL PFD SFF CCF 2015 Functional Safety Training & Workshops Select the right course for your organisation from our extensive choice of Functional Safety related training
More informationSAFETY MANUAL. PointWatch Eclipse Infrared Hydrocarbon Gas Detector Safety Certified Model PIRECL
SAFETY MANUAL PointWatch Eclipse Infrared Hydrocarbon Gas Detector SIL 2 Certified Model PIRECL Safety Certified Model PIRECL PointWatch Eclipse IR Gas Detector This manual addresses the specific requirements
More informationPartners in Process Automation with Emerson Process Management for Intrinsic Safety
PROCESS AUTOMATION operational excellence SOLUTIONS FOR emerson CONTROL SYSTEMS Solutions for EmeRSON CONTROL SYSTems Partners in Process Automation with Emerson Process Management for Intrinsic Safety
More informationCertification Report of the ST 3000 Pressure Transmitter with HART 6
Certification Report of the ST 3000 Pressure Transmitter with HART 6 Revision No.: 2.4 Date: Report Number: 2010-Mar-18 SAS-190/2006T Product: ST 3000 Pressure Transmitter with HART 6 Customer: Order Number:
More informationTopic MYTH FUNCTIONAL SAFETY IMPLIES HAVING A SIL RATED COMPONENT. Presented by : Arunkumar A
Topic MYTH FUNCTIONAL SAFETY IMPLIES HAVING A SIL RATED COMPONENT Presented by : Arunkumar A DNV GL Who are we? Only by connecting the details can we impact the bigger picture We classify, certify, verify
More informationINTERNATIONAL STANDARD
INTERNATIONAL STANDARD IEC 61508-2 First edition 2000-05 BASIC SAFETY PUBLICATION Functional safety of electrical/electronic/ programmable electronic safety-related systems Part 2: Requirements for electrical/electronic/
More informationIEC Functional Safety Assessment
IEC 61508 Functional Safety Assessment Project: Detcon IR-700 Combustible Hydrocarbon Gas Sensor Customer: Detcon The Woodlands, TX USA Contract No.: Q13/06-003 Report No.: DC 13-06-003 R002 Version V1,
More informationSIL Safety Guide Series MS Single-Acting Spring-Return Hydraulic Linear Actuators
SIL Safety Guide Series MS Single-Acting Spring-Return Hydraulic Linear Actuators Rev 0, November 17 2015 Page 1 of 9 Table of Contents 1 INTRODUCTION 3 1.1 Terms and abbreviations 3 1.2 Acronyms 4 1.3
More informationManaging the Lifecycle of Independent Protection Layers
Managing the Lifecycle of Independent Protection Layers Patrick Fisher, Provenance Consulting, October 6, 2016 Overview What is an IPL? When is a safeguard an IPL? What makes a good IPL? What criteria
More informationIntelligent Keys. A smart solution for recurring revenue
Intelligent Keys A smart solution for recurring revenue Cloud-Based Services Benefits of the Cloud: For your customers: Ensures that a facility s database is always accessible, secure and up-to-date Enables
More informationReliability of Safety-Critical Systems Chapter 1. Introduction
Reliability of Safety-Critical Systems Chapter 1. Introduction Mary Ann Lundteigen and Marvin Rausand mary.a.lundteigen@ntnu.no & marvin.rausand@ntnu.no RAMS Group Department of Production and Quality
More informationUL Health Sciences Industry Case Study: Skanray Technologies
UL Health Sciences Industry Case Study: Skanray Technologies Skanray Technologies, Mysore India High Technology medical start-up company in India gains access to global regulatory markets by partnering
More informationINTERNATIONAL STANDARD
INTERNATIONAL STANDARD IEC 61511-3 First edition 2003-03 Functional safety Safety instrumented systems for the process industry sector Part 3: Guidance for the determination of the required safety integrity
More informationAFEX. fire suppression systems AFEXSYSTEMS.COM
AFEX fire suppression systems AFEXSYSTEMS.COM ABOUT US We are heavy equipment people specializing in fire protection. AFEX is uniquely positioned to meet your fire protection needs. We have dedicated 50
More information