Functional integrity certification exida

Shanghai: Oil Gas Petrochemical Seminar: exida presentation (Koen Leekens)

Transcript

  • 1. Functional Integrity Certification™: The First Combined Certification for Functional Safety and Functional Security. Shanghai, 16 March 2011. Koen Leekens. exida contacts: Singapore +65 6222 5160; Canada +1 403 475 1943; Shanghai +86 21 5171 7250; United Kingdom +44 2476 456 195; Hong Kong +852 2633 7727; Netherlands +31 318 414 505; Germany +49 89 4900 0547; Australia / NZL +64 3 472 7707; USA +1 215 453 1720; Mexico +52 55 5611 9858; Switzerland +41 22 364 14 34; South Africa +27 31 267 1564. Copyright exida LLC ® 2000-2011
  • 2. “SAFETY” is not “SECURITY”. Piper Alpha 1988: “lessons learned” improve safety.
  • 3. “Disabled” Safety is not SAFE! Incident with “certified” boiler: anti-virus software prevents safety shutdown. Source: www.securityincidents.org
  • 4. “Disabled” Safety is not SAFE! Advanced technology introduces new THREATS? Explosion of “certified” boiler: anti-virus software prevents safety shutdown. Source: www.securityincidents.org
  • 5. exida Functional Integrity Certification™ = Functional Safety Certification™ + Functional Security Certification™. “Integrity is doing the right thing, even if nobody is watching.” (Anonymous)
  • 6. Who we are. Founded in 1999 by experts from manufacturers, end users, engineering companies and TÜV Product Services. Today: LARGEST functional safety and cyber security consultancy and certification body worldwide. “Provide independent services and tools to help customers comply to any industry standards for Functional Safety, Cyber Security and Alarm Management.” Rainer Faller: former Head of TÜV Product Services; Chairman German IEC 61508; Global Intervener ISO 26262 / IEC 61508; author of several safety books; author of IEC 61508 parts. Dr. William Goble: former Director Moore Industries; developed the FMEDA technique (PhD); author of several safety books; author of several reliability books.
  • 7. Where we are
  • 8. What we do. exida scope: Functional Safety, Cyber Security, Reliability, Alarm Management. Services: Tools, Training, Consultancy, Certification, Reference Materials. Industries: Process Industry, Automotive, Machine Industry, Power Industry, Rail. Customers: End Users, Equipment Manufacturers, Engineering Companies, System Integrators.
  • 9. The exida Library. exida publishes analysis techniques for functional safety. exida authors ISA best-sellers for automation safety and reliability. exida authors the industry data handbook on equipment failure data. www.exida.com
  • 10. exida Customers (extract from 2000+)
  • 11. What is…? Functional Safety:
  • 12. What is…? Functional Safety: “Part of overall safety to protect against incidents caused by incorrect functioning of components/systems”
  • 13. Why Functional Safety? To provide a safer working environment for people, that is to save lives and protect the environment. To demonstrate compliance with regulatory requirements, that is to avoid fines. To protect investments in plant and equipment and ensure continuous operations, that is to save money.
  • 14. What is…? SIL: “The Safety Integrity Level is a measure for the effectiveness of the risk reduction that each individual Safety Function is expected to provide”
  • 15. History of Functional Safety Standards (timeline 1960 – 1990 – 1995 – 2000 – 2005 – 2010 – 2015). RELAY: predictable failures.
  • 16. History of Functional Safety Standards (timeline 1960–2015). PLC: failure modes? DIN 31000.
  • 17. History of Functional Safety Standards (timeline 1960–2015). Safety PLC: “AK-Classes”. DIN 31000; DIN V 19250; S84.01 1996.
  • 18. History of Functional Safety Standards (timeline 1960–2015). Safety Loop: “Functional”. DIN 31000; DIN V 19250; S84.01 1996; IEC 61508; IEC 61513; IEC 61511; S84.01 2004; IEC 62061; ISO 26262.
  • 19. History of Functional Safety Standards (timeline 1960–2015). Safety Loop: “Functional”. Also Secure? DIN 31000; DIN V 19250; S84.01 1996; IEC 61508; IEC 61513; IEC 61511; S84.01 2004; IEC 62061; ISO 26262.
  • 20. Which Standard? IEC 61508: Functional Safety for E/E/PES Safety Related Systems.
  • 21. Which Standard? IEC 61508: Functional Safety for E/E/PES Safety Related Systems. Sector-specific standards: IEC 61513 (Nuclear); IEC 62061 (Machinery); IEC 61511 (Process Industry); ISO 26262 (Road Vehicles).
  • 22. Which Standard? IEC 61508 (Functional Safety for E/E/PES Safety Related Systems): for device manufacturers, or where a sector-specific standard is not available. Sector-specific standards: IEC 61513 (Nuclear); IEC 62061 (Machinery); IEC 61511 (Process Industry); ISO 26262 (Road Vehicles).
  • 23. Which Standard? IEC 61508 (Functional Safety for E/E/PES Safety Related Systems): for device manufacturers, or where a sector-specific standard is not available. Sector-specific standards, for end users and systems integrators: IEC 61513 (Nuclear); IEC 62061 (Machinery); IEC 61511 (Process Industry); ISO 26262 (Road Vehicles).
  • 24. What do accidents teach us? Seveso 1976; Buncefield 2005; Bhopal 1984; Flixborough 1974.
  • 25. Primary Cause of Failures? Lifecycle phases: Specification; Design and Implementation; Installation and Commissioning; Operation and Maintenance; Changes after Commissioning. More than 80% of failures: before startup. Source: Health, Safety & Environmental Agency. The majority of accidents are “… preventable if a systematic Risk-Based Approach is adopted …”.
  • 26. IEC 61508/61511 Key Aspects. Safety Integrity Levels protect against Random Failures (physical or hardware failures). The Safety Lifecycle protects against Systematic Failures (insufficient processes and procedures). Both protection measures are important. “Having incomplete safety is worse than no safety at all, because people are lulled into complacency thinking that safety is managed.”
  • 27. Product Certification. Functional safety certification for devices is accomplished per IEC 61508. Products are certified to a Safety Integrity Level (SIL). The result is typically a certificate and a certification report. SIL Certification: the vendor showed sufficient protection against Random and Systematic Failures.
  • 28. Certification versus Prior Use? Certificate: justification by vendor. Prior Use: justification by user.
  • 29. How to certify a device?
  • 30. How to certify a device? 1. Analyze Hardware Reliability.
  • 31. How to certify a device? 1. Analyze Hardware Reliability. 2. Analyze Gaps between existing processes and IEC 61508.
  • 32. How to certify a device? 1. Analyze Hardware Reliability. 2. Analyze Gaps between existing processes and IEC 61508; fix Product and Process Gaps.
  • 33. How to certify a device? 1. Analyze Hardware Reliability. 2. Analyze Gaps between existing processes and IEC 61508; fix Product and Process Gaps. 3. Safety Justification Report listing how the requirements are met. exida tools for 1, 2 and 3.
  • 34. How to certify a device? 1. Analyze Hardware Reliability. 2. Analyze Gaps between existing processes and IEC 61508; fix Product and Process Gaps. 3. Safety Justification Report listing how the requirements are met for Product and Process. 4. Final Assessment by Independent 3rd Party.
  • 35. How to certify a device? 1. Analyze Hardware Reliability. 2. Analyze Gaps between existing processes and IEC 61508; fix Product and Process Gaps. 3. Safety Justification Report listing how the requirements are met for Product and Process. 4. Final Assessment by Independent 3rd Party. 5. Certificate and Certification Report.
  • 36. So what about Functional Security? Security vulnerabilities impact the operation of the Safety System. Safety ONLY is not enough. Disgruntled contractor “hacks” pipeline leak detection system. Source: www.securityincidents.org
  • 37. What is…? Functional Security: “Protection against intentional or unintentional interference with the proper operation of systems/components”
  • 38. Which Standards? ISA-99; IEC 62443; SP800-82; CSA Z246.1.
  • 39. Functional Security Certification™. 1. Analyze Hardware Reliability (ISCI). 2. Analyze Gaps between existing processes and ISA-99; fix Product and Process Gaps. 3. Security Justification Report listing how the requirements are met for Product and Process. 4. Final Assessment by Independent 3rd Party. 5. Certificate and Certification Report.
  • 40. Functional Security Certification™. Security is patterned to Safety. 1. Analyze Hardware Reliability (ISCI). 2. Analyze Gaps between existing processes and ISA-99; fix Product and Process Gaps. 3. Security Justification Report listing how the requirements are met for Product and Process. 4. Final Assessment by Independent 3rd Party. 5. Certificate and Certification Report.
  • 41. Who can certify Safety and Security? NOBODY CERTIFIES THE CERTIFIER. Verify Market Recognition: competency defined by customers. Survey charts (yellow = International list, blue = North America list; value pairs given in the order they appear on the slide): Other 25.9% / 8.3%; Wurldtech 0.9% / 0.0%; TUV Sud 1.7% / 3.1%; TUV Rheinland 6.9% / 12.2%; TUV Nord 1.7% / 1.7%; exida 17.2% / 60.7%. Other includes: SIRA, CSA, FM, UL, BASEEFA, INERIS, DNV and many
  • 42. Who can certify Safety and Security? Verify Market Recognition: competency defined by customers. Verify Experience: number of certifications. Fast Time-to-Market. Number of Certificates - Currently Marketed Products (9/17/2010):
    Certification Agency | Sensors | Logic Solvers | Final Element | Total
    TUV X                |       5 |             2 |             4 |    11
    TUV Y                |       4 |             3 |             0 |     7
    TUV Z                |       4 |            14 |             9 |    27
    exida                |      32 |             6 |            55 |    93
  • 43. How to select the certifier? NOBODY CERTIFIES THE CERTIFIER. Verify Market Recognition: competency defined by customers. Verify Experience: number of certifications. Verify Excellence / Competency: involvement of the company with the IEC and ISA standards for Safety and Security. Verify availability of 3rd party assessment of the certifier. Market Support Data: provision of failure rate databases, books, whitepapers, templates… Broad Capabilities: Functional Safety and Functional Security Certification.
  • 44. “Bypassed” Safety is not SAFE! Piper Alpha 1988: “lessons learned” improve safety. Disgruntled contractor “hacks” pipeline leak detection system. Source: www.securityincidents.org
  • 45. “Bypassed” Safety is not SAFE! The best safety is useless when DISABLED. Piper Alpha 1988: “lessons learned” improve safety. Disgruntled contractor “hacks” pipeline leak detection system. Source: www.securityincidents.org
  • 46. “Bypassed” Safety is not SAFE! Both SAFETY and SECURITY matter. Piper Alpha 1988: “lessons learned” improve safety. Disgruntled contractor “hacks” pipeline leak detection system. Source: www.securityincidents.org
  • 47. Security Certified Control Systems
  • 48. exida Functional Integrity Certification™ = Functional Safety Certification™ + Functional Security Certification™. “Integrity is doing the right thing, even if nobody is watching.” (Anonymous)