Holistic approach to industrial safety and security
In manufacturing, the growing connectivity between machines or across facilities and systems is a key factor in driving the transformation from Industry 3.0 to the data-led Industry 4.0. The benefits of this increasing connection are abundant; not only does it allow for the fast and extensive flow of information and therefore a higher level of transparency, but it also enables a quicker reaction to events, resulting in higher efficiencies.
However, this increasing connectivity also presents new risks in the way it exposes system vulnerabilities, especially in regard to cybersecurity attacks. In this environment, a holistic and integrated approach to industrial safety and security is key to the effective mitigation of risk.
Security measures in production environments are often oversimplified and might not take into account the full risk posed by cyberattacks. Measures are often limited to basic cybersecurity controls for functional safety components, or simple additions to pre-existing protocols that fail to identify and manage the negative consequences of a cyberattack.
To fully understand this new risk landscape, it is important to identify the attacker's intentions, as these can vary greatly, from ransom demands to espionage or even sabotage. It is also essential to be aware of the potential consequences of cybersecurity attacks.
These include:
With this in mind, it is important to be aware that a cyberattack can endanger not only an organization's overall processes but also its competitive edge, putting employees, customers and industrial goods at risk.
In each of the cases listed above, the incidents are typically caused by proactive manipulation through a cyberattack. However, most standards outlining requirements for plant safety, including the EU Machinery Directive 2006/42/EG, do not include an assessment of such manipulations, nor do they detail the potential consequences. The scope of these standards is limited to the risks resulting from intended use as well as reasonably foreseeable misuse. As such, a classic approach to safety risk assessment might not be extensive enough to detect dangerous situations resulting from malicious cyber activity. This means that the resulting safety and security measures could prove to be incomplete and insufficient.
Many drafts for new and updated safety standards (including those focused on cybersecurity and product safety) include recommendations or stringent requirements for a holistic approach to industrial safety. Consequently, safety assessments will need to adapt to meet the new demands.
Operators and integrators, and manufacturers or suppliers of machinery and components, are advised to stay on top of these developments and act proactively to ensure industrial safety compliance. As the number of industrial cyberattacks increases, customers and other stakeholders may already expect measures to be implemented to secure vital systems.
As standards for a holistic approach to industrial risk assessment are still under development, organizations need to identify a suitable approach for balancing the complexity of the new risk landscape with financial limitations and requirements. Resources should be invested effectively to ensure that critical risks are mitigated, and industrial security is safeguarded. Our service for Enhanced Risk Assessment was designed to solve this challenge for companies across the manufacturing industry.
The TÜV SÜD Enhanced Risk Assessment (ERA) service combines the classic safety assessment processes with proven cybersecurity risk assessment methodology in accordance with IEC 62443. This combination allows us to focus on the individual safety goals of a specific customer.
For example:
To fully understand the risk landscape and prevent serious consequences, the Enhanced Risk Assessment approach combines cybersecurity vulnerability analysis with the identification of safety hazards. By merging the methodologies of vulnerability analysis and machinery safety risk assessment, ERA will systematically expose unknown, unwanted and unsafe situations that a potential cyberattack could cause. By assessing all relevant factors, we are able to align the industrial risk assessment and cybersecurity risk management processes to help identify effective measures. The resulting risk figures for cyber-physical systems demonstrate the impact of the selected measures (safety, security), therefore providing a clear overview of the impact of risk mitigation.
As the scope of the assessment is derived from the specific safety goals of your organization, you will be heavily involved in the ERA's holistic safety assessment. Contact us today to learn more and improve your safety and security measures.