8. What is it about?

What is functional safety?

IEC 61508 defines functional safety as the part of the overall safety of the equipment or installation concerned and its control system that depends on the correct functioning of the safety-related Electrical / Electronic / Programmable Electronic (E/E/PE) systems and of the other external risk reduction facilities.

Many specifications now refer to the IEC 61508 standards, and this is not always relevant. As a result, automation teams are often left to develop safety systems on their own, even though these systems play a cross-cutting role in the overall risk reduction strategy of an industrial installation or an infrastructure.

The series of standards from IEC 61508 answers the following questions:

  • At which "safety / performance level" must this function be carried out?
  • What must I do to achieve that "performance level"?

It answers them through the following fundamental concepts:

  • Adaptation of the normative requirements to a residual-risk target through the Safety Integrity Level (SIL): four levels are defined, and a set of rules, techniques and methods is prescribed according to the level targeted, including the safety-related software aspects,
  • An independent assessment of the risk reduction obtained,
  • The definition of a safety life cycle,
  • Five main areas of action:
    • Integrity of the development cycle of safety systems in the areas of specification, design and testing, with the aim of eliminating and avoiding systematic failures, i.e. good project management,
    • Robustness of the design of safety systems through measures that provide tolerance to systematic failures (diagnostics, access control, environment, etc.),
    • Compliance with the constraints on the hardware architecture of the safety systems, where the diagnostic coverage rate is used to determine the safe failure fraction,
    • A guaranteed maximum failure rate for safety systems, expressed either per hour or per demand,
    • Integrity and robustness of the safety system software design, which concerns only systematic failures.

These standards constitute a body of organizational, evaluation and technical requirements from which a private, non-regulatory certification framework can be derived.
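The concepts listed above (four SIL levels, a maximum failure rate per hour or per demand, and a diagnostic coverage rate feeding the safe failure fraction) can be made concrete with a small calculation. The following Python script is an added example and is not part of the original article or of IEC 61508 itself: the SIL band limits are the target failure measures of IEC 61508-1 as I know them, the failure rates, proof-test interval and beta factor are constructed sample values, and the PFD formulas are the usual simplified approximations (no repair time, no mission-time terms). The 1oo2 part goes beyond the list by splitting the result into an independent and a common-cause term, which connects to the remark on common modes later in this page.

```python
"""Worked example: from failure rates to a SIL band under IEC 61508.

Added illustration, not material from the original article. SIL band limits are
IEC 61508-1's target failure measures as I know them (check the current edition
before relying on them); all numeric inputs below are constructed sample values.
"""
from dataclasses import dataclass

# Target failure measures per SIL: (lower bound inclusive, upper bound exclusive).
# PFDavg: average probability of dangerous failure on demand (low-demand mode).
# PFH:    average frequency of dangerous failure per hour (high-demand/continuous mode).
SIL_PFD_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}
SIL_PFH_BANDS = {4: (1e-9, 1e-8), 3: (1e-8, 1e-7), 2: (1e-7, 1e-6), 1: (1e-6, 1e-5)}


@dataclass(frozen=True)
class FailureRates:
    """Failure rates in failures per hour, split into IEC 61508's four categories."""
    safe_detected: float
    safe_undetected: float
    dangerous_detected: float
    dangerous_undetected: float

    @property
    def total(self) -> float:
        return (self.safe_detected + self.safe_undetected
                + self.dangerous_detected + self.dangerous_undetected)

    def diagnostic_coverage(self) -> float:
        """DC: share of dangerous failures that the diagnostics detect."""
        dangerous = self.dangerous_detected + self.dangerous_undetected
        return self.dangerous_detected / dangerous

    def safe_failure_fraction(self) -> float:
        """SFF: share of all failures that are safe or dangerous-but-detected.
        Only dangerous undetected failures count against it, which is how the
        diagnostic coverage enters the hardware architectural constraints."""
        return (self.total - self.dangerous_undetected) / self.total


def sil_for(value: float, bands: dict) -> int:
    """Map a PFDavg or PFH value to a SIL (0 = does not reach SIL 1)."""
    for sil in (4, 3, 2, 1):           # strictest band first
        if value < bands[sil][1]:
            return sil
    return 0


def pfd_avg_1oo1(rates: FailureRates, proof_test_hours: float) -> float:
    """Single channel: dangerous undetected failures accumulate between proof tests."""
    return rates.dangerous_undetected * proof_test_hours / 2


def pfd_avg_1oo2(rates: FailureRates, proof_test_hours: float, beta: float) -> tuple:
    """Two channels, either suffices: returns (independent term, common-cause term).
    beta is the assumed fraction of dangerous undetected failures that hit both
    channels at once (beta-factor model)."""
    independent_rate = (1 - beta) * rates.dangerous_undetected
    independent = (independent_rate * proof_test_hours) ** 2 / 3
    common_cause = beta * rates.dangerous_undetected * proof_test_hours / 2
    return independent, common_cause


def pfh_1oo1(rates: FailureRates) -> float:
    """High-demand / continuous mode: the dangerous undetected rate is the PFH."""
    return rates.dangerous_undetected


# Constructed sample: one logic-solver channel with 90 % diagnostic coverage.
SAMPLE = FailureRates(safe_detected=1.0e-6, safe_undetected=5.0e-7,
                      dangerous_detected=1.8e-6, dangerous_undetected=2.0e-7)
PROOF_TEST_HOURS = 8760.0   # annual proof test (assumption)
BETA = 0.1                  # common-cause fraction (assumption)


def report(rates: FailureRates = SAMPLE, t: float = PROOF_TEST_HOURS,
           beta: float = BETA) -> dict:
    """Collect every measure so the same numbers can be printed or checked."""
    ind, cc = pfd_avg_1oo2(rates, t, beta)
    return {
        "dc": rates.diagnostic_coverage(),
        "sff": rates.safe_failure_fraction(),
        "pfd_1oo1": pfd_avg_1oo1(rates, t),
        "sil_low_demand_1oo1": sil_for(pfd_avg_1oo1(rates, t), SIL_PFD_BANDS),
        "pfd_1oo2": ind + cc,
        "pfd_1oo2_common_cause_share": cc / (ind + cc),
        "sil_low_demand_1oo2": sil_for(ind + cc, SIL_PFD_BANDS),
        "pfh_1oo1": pfh_1oo1(rates),
        "sil_high_demand_1oo1": sil_for(pfh_1oo1(rates), SIL_PFH_BANDS),
    }


if __name__ == "__main__":
    for key, value in report().items():
        shown = f"{value:.3e}" if isinstance(value, float) else str(value)
        print(f"{key:30s} {shown}")
```

Two things the numbers show that the list alone does not: the same channel lands in different SIL bands depending on whether the function is judged per demand (PFDavg) or per hour (PFH), so the demand mode must be settled before a SIL is claimed; and in the redundant 1oo2 arrangement almost all of the residual probability comes from the common-cause term, so the value of beta, which the design has to keep small through separation and diversity, matters more than adding a second identical channel.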

Why cyber security?

Vulnerability analyses of industrial networks (source: RISI, confirmed by the French National Agency for the Security of Information Systems, ANSSI) show that security incidents have the following origins:

  • Accidental: 50%
  • Malware: 30%
  • External attacks: 11%
  • Internal attacks: 9%

Moreover, the largest numbers of cyber attacks are recorded in the following sectors (in descending order, limited to sectors representing more than 5% of attacks):

  • Energy: 19%
  • Oil: 18%
  • Transportation: 16%
  • Water treatment and distribution: 13%
  • Agri-food: 8%
  • Chemistry: 7%
  • Manufacturing: 5%

The following characteristic features of industrial computer systems are important constraints on the development of risk reduction strategies.

Risk: the risks faced by systems operating with process equipment (automation) are relatively stable over time, so the risk analysis needs to be redone only when the system is modified. The risks faced by office-type (tertiary) IT systems are unstable and change daily. The probability of an attack should be taken as equal to 1 as soon as a vulnerability exists.

The system: the global system (which incorporates the telecommunication and energy supply operators) is dynamic. An isolated operator cannot analyze the dependencies and is therefore unable to understand the global problems that arise.

Safety at very large scale: the models are necessarily incomplete, and scaling up is not representative because of the simplifying assumptions that are made. Emergent properties are unknown, which requires anticipating an unknown component.

Mechanics of incidents: in functional safety, common-mode failures are rarely dominant; if they turn out to be, this reveals a particularly weak design. In computer security, the common mode is precisely the point where the attack will strike in most cases. The effects of incidents are characterized by cascading chains, aggravated by external systemic dependencies such as telecommunication networks and energy supply.