SlideShare a Scribd company logo

Why SIL3 (ENG)

ie-net ingenieursvereniging vzw
ie-net ingenieursvereniging vzw

SIL 3, SIL 4 Safety PLC's Why should we invest in safety? Functional safety standards SIL levels Source: HIMA

Engineering
1 of 38
Download to read offline
Why SIL3? Josse Brys TUV Engineer j.brys@hima.com
22 Agenda • Functional Safety • Good planning if specifications are not right? • What is the difference between a normal safety and SIL3 loop? • How do systems achieve safety? • Layers of protection • Are you safe if you buy a SIL3 PLC? • Safety & non safety in one application or separate safety and non-safety • Cyber security
33 HIMA SIS Introduction : HIMA helps to prevent:
44 HIMA: Safety Systems Others: Safety is small part of their business HIMA SIS SIS Others Introduction HIMA HIMA is focused on Safety Systems
55 SIL 3, SIL4 Safety PLC’s Railways TMC BCS ESD F&G HIPPS Pipeline Logistics Nuclear HIMA solutions for Introduction HIMA
66 Safety ? Why should we invest in safety? ‣ You think safety is expensive, try an accident… ‣ Today an accident cost more than 10x the investment in the process ‣ We have had terrible accidents in the past ‣ We learned, but accidents with serious impact still happen today
77 Functional Safety Standards
88 Safety Integrity Level - SIL SIL is how we measure the performance of safety functions carried out by safety instrumented systems SIL has 3 sides to the story ‣ Process owners: Which safety functions do I need and how much SIL do I need? ‣ Engineering companies, system integrators, product developers: How do I build SIL compliant safety devices, functions or systems? ‣ Process operators: How do I operate, maintain and repair safety functions and systems to maintain the identified SIL levels?
99 SIL levels Risk reduction
1010 SIL levels Most famous SIL requirement is the Probability of Failure on Demand PFDavg = Probability of Failure on Demand average
1111 Functional Safety A safety instrumented system is 100% functionally safe if All random, common cause and systematic failures do not lead to malfunctioning of the safety system and do not result in ‣ Injury or death of humans ‣ Spills to the environment ‣ Loss of equipment or production ‣ 100% functional safety does not exist but SIL 1, 2, 3 or 4 does
1212 Common cause does not happen? Complete plant flooded because of heavy rainfall, bad drainage and dike
1313 Good planning if specifications are not right? IEC 61508 Lifecycle Concept
1414 Good planning if specifications are not right? Lifecycle & Frequency of Failures
1515 Good planning if specifications are not right? Think the following: Your specifications = a red car with a horse What would you get?
1616 A red car with a horse
1717 A red car with a horse
1818 What is the difference between a normal safety and SIL3 loop? • SIL 1 Typically easy to achieve using standard components • Through the selection of certified components, can achieve SIL 2 with single channel sensing or final elements • Still need to consider the systematic capability for the devices, however these are less stringent for SIL 1 or 2 • Lifecycle cost typically the same as a normal BPCS loop. NORMAL LOOP BPCS = Basic Process Control System
1919 • Redundancy requirements for sensing and final elements Required by Tables 2 and 3 of 61508-2. Based on SFF Safe Failure Fraction = A measure of the effectiveness of the fail safe design and/or the built-in diagnostic tests Depending on the logic solver, can be single channel • Proof Test Coverage can be a limiting factor • Systematic requirements higher Requires careful selection of devices to ensure this is achieved. May rule out your normal supplier • Life cycle cost much higher What is the difference between a normal safety and SIL3 loop? SIL 3 LOOP
2020 • The higher the SIL the more techniques and measures are required to detect, control and avoid human error • SIL 1 Typically easy to achieve using a standard QMS system with added competence requirements • SIL 2 requires an “advanced” system with competence management and reliance on testing • SIL 3 has stringent requirements governing diversity in design, competence of a high order and stringent testing requirements What is the difference between a normal safety and SIL3 loop?
2121 How do systems achieve safety? Safety Instrumented System
2222 How do systems achieve safety? 1oo3
2323 How do systems achieve safety? Input Output 2oo3 A B C Voting systems 2oo3 Voting 1oo2D Diagnostic systems Diagnostics Diagnostics Input Output µP µP Diag. Diagnostics Diagnostics Diagnostics
2424 How do systems achieve safety?
2525 Layers of protection Increase safety and cyber security prevent mitigate
2626 Layers of protection Specific • must be specifically designed to be capable of preventing the consequences of the potentially hazardous event Independent • must be completely independent from all other protection layers Dependable • must be capable of acting dependably to prevent the consequence from occurring (systematic and random faults) Auditable • must be tested and maintained to ensure risk reduction is continually achieved
2727 Layers of protection – The 3 “ENOUGHS” • Big Enough • Must be big enough to cope the with the potential hazard • Fast Enough • Must be fast enough to sense and react to prevent the potential • Strong Enough • Must be able to survive all arising situations when preventing the hazardous event.
2828 Are you safe if you buy a SIL3 PLC? • NO!!! • Need to consider Sensing and final elements • Need to consider Systematic Capability This applies to the integrator of the Logic Solver – important to look at their quality system Apples to the installer of the Safety Integrated Functions – important to look at their quality system • Need to carefully consider Proof Test Intervals and Proof test coverage Short proof test intervals should be avoided as the testing requirements often require plant shutdown Incorrect to assume that the proof test is perfect This can have a profound effect on the result because we are dealing with very small numbers
2929 Safety & non safety in one application or separate safety and non-safety • Considerations for separating: Hazards are caused by the non safety application Risk assessment not able to separate the causes Required by Buncefield recommendation 3 – “physical and electrical independence” Need for Cyber security • Considerations for systematic capability!!! Often the same person programming the non-safety will be programming the safety!
3030 Safety & non safety in one application or separate safety and non-safety prevent mitigate
3131 Safety & non safety in one application or separate safety and non-safety The risk we talk about is related to a hazard ‣ Risk is a combination of ‣ The severity of consequences (C) ‣ The frequency of occurrence (F) ‣ Risk = C x F Risksafety = probability of a damage * potential of the damage
3232 Security is a foundation for safety. Functional safety Risksafety = probability of a damage * potential of the damage World Sys. +Cyber security Risksecurity = threat * vulnerability * potential of the damage World Sys. Safety World Sys.
3333 Compartmentalize. Avoid universal access. Enterprise Plant DMZ Control Center SIS BPCS Plant Conduit Conduit Conduit Internet
3434 Security is a process. Risk analysis Protect Detect React Security is a process to reduce the risk of damage due to external influence. This process can be supported by technical measures. Source: IEC 62443-3-3 Both the IEC 61511 (safety) and the draft of the IEC 62 443 (security) demand to build systems in multiple layers of protection. (Defense in the Depth) Enterprise Plant DMZ Control Center SIS BPCS Plant Conduit Conduit Conduit Internet
3535 Segregation of non safe networks. Besides the usage of VLAN HIMax offers a complete segregation. This interference free implementation guarantees segregated networks even for non safe protocols. Max. Safety (SIL3). Max. Availability for safeethernet. Max. Availability for non safe communication. X-CPU X-SB RJ45 Safety-Net X-COM RJ45 Field Net X-COM RJ45 DCS-Net
3636 Security is supported by HIMA Products: High quality development process HIMA products are developed for safety following the four eyes principle Only documented ports for communication available no backdoor Minimal attack surface, only required services are integrated. Systematic use separate system supports the avoidance of common cause failures and the multi-layer protection concept. Products with Security Features Segregation of safety network (CPU) and non safety network (COM) Standard Ethernet protocols can be used with any firewall. blocking of control function via key switch Display of program changes in the DCS system via CRC Unused physical ports can be closed by using port-based VLAN. High-quality programming environment SILworX checks all software components prior to use. Code comparison to detect changes in the user program. 2-level user management Simple Project backup (one file) User access in Windows is sufficient. Secure OPC Server runs as a service, no login to Windows is required.
3737 Be reluctant to trust. … even vendors of secure products have to admit failures.
3838 Always the right solution ? 38 HIMA can help you getting the right solution and have the right safety system you need! Maximum security and availability

Recommended

Functional integrity certification exida
Functional integrity certification exidaFunctional integrity certification exida
Functional integrity certification exidaKoenLeekens
 
Hirschmann: Automotive SPICE Requirements for development process and tools
Hirschmann: Automotive SPICE Requirements for development process and tools Hirschmann: Automotive SPICE Requirements for development process and tools
Hirschmann: Automotive SPICE Requirements for development process and tools Intland Software GmbH
 
NQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNA Putra
 
PPT Presentation for ISO 50001 training
PPT Presentation for ISO 50001 trainingPPT Presentation for ISO 50001 training
PPT Presentation for ISO 50001 trainingGlobal Manager Group
 
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance 19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance Intland Software GmbH
 
ISO 26262 introduction
ISO 26262 introductionISO 26262 introduction
ISO 26262 introductionKoenLeekens
 
SIL.ppt
SIL.pptSIL.ppt
SIL.pptKrishna Yadav
 
Electronic batch manufacturing record
Electronic batch manufacturing recordElectronic batch manufacturing record
Electronic batch manufacturing recordRatan Agarwal
 

Recommended

Functional integrity certification exida
Functional integrity certification exidaFunctional integrity certification exida
Functional integrity certification exidaKoenLeekens
 
Hirschmann: Automotive SPICE Requirements for development process and tools
Hirschmann: Automotive SPICE Requirements for development process and tools Hirschmann: Automotive SPICE Requirements for development process and tools
Hirschmann: Automotive SPICE Requirements for development process and tools Intland Software GmbH
 
NQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNA Putra
 
PPT Presentation for ISO 50001 training
PPT Presentation for ISO 50001 trainingPPT Presentation for ISO 50001 training
PPT Presentation for ISO 50001 trainingGlobal Manager Group
 
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance 19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance Intland Software GmbH
 
ISO 26262 introduction
ISO 26262 introductionISO 26262 introduction
ISO 26262 introductionKoenLeekens
 
SIL.ppt
SIL.pptSIL.ppt
SIL.pptKrishna Yadav
 
Electronic batch manufacturing record
Electronic batch manufacturing recordElectronic batch manufacturing record
Electronic batch manufacturing recordRatan Agarwal
 
Sil target selection verification exida
Sil target selection verification exidaSil target selection verification exida
Sil target selection verification exidaKoenLeekens
 
Safety instrumented systems angela summers
Safety instrumented systems angela summers Safety instrumented systems angela summers
Safety instrumented systems angela summers Ahmed Gamal
 
Introduction to Functional Safety and SIL Certification
Introduction to Functional Safety and SIL CertificationIntroduction to Functional Safety and SIL Certification
Introduction to Functional Safety and SIL CertificationISA Boston Section
 
Frequently Asked Question (FAQ's) on ISO 26262 Functional Safety
Frequently Asked Question (FAQ's) on ISO 26262 Functional SafetyFrequently Asked Question (FAQ's) on ISO 26262 Functional Safety
Frequently Asked Question (FAQ's) on ISO 26262 Functional SafetyEmbitel Technologies (I) PVT LTD
 
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001Global Manager Group
 
IEC 62061 introduction
IEC 62061 introductionIEC 62061 introduction
IEC 62061 introductionKoenLeekens
 
Alarm management at DeltaV
Alarm management at DeltaVAlarm management at DeltaV
Alarm management at DeltaVRobert-Emmanuel Mayssat
 
Celonis_TISAX_Compliance_1_.pdf
Celonis_TISAX_Compliance_1_.pdfCelonis_TISAX_Compliance_1_.pdf
Celonis_TISAX_Compliance_1_.pdfChandra Rao
 
MES (Manufacturing Execution System) Pocket Guide
MES (Manufacturing Execution System) Pocket GuideMES (Manufacturing Execution System) Pocket Guide
MES (Manufacturing Execution System) Pocket GuideVera Leonik-Shilyaeva
 
Basic training water based fire protection
Basic training water based fire protectionBasic training water based fire protection
Basic training water based fire protectionSabrul Jamil
 
SABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextSABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextDavid Sweigert
 
Fm 200 system - working and isolation method
Fm 200 system - working and isolation method Fm 200 system - working and isolation method
Fm 200 system - working and isolation method Simon Paul
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitecturePriyanka Aash
 
Novec 1230
Novec 1230Novec 1230
Novec 1230Vinod Kumar Nehta
 
Standards and protocols instrumentation ( typical)
Standards and protocols instrumentation ( typical)Standards and protocols instrumentation ( typical)
Standards and protocols instrumentation ( typical)Stephanus Roux C Eng , IntPE(uk) , FIET
 
ISO 45001:2018 slide show
ISO 45001:2018 slide show ISO 45001:2018 slide show
ISO 45001:2018 slide show Vinay Kumar Srivastava
 
Best Approach to Integrate ISO 9001 and ISO 27001 Simultaneously
Best Approach to Integrate ISO 9001 and ISO 27001 SimultaneouslyBest Approach to Integrate ISO 9001 and ISO 27001 Simultaneously
Best Approach to Integrate ISO 9001 and ISO 27001 SimultaneouslyPECB
 
1. safety instrumented systems
1. safety instrumented systems1. safety instrumented systems
1. safety instrumented systemsSaiful Chowdhury
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxDr Madhu Aman Sharma
 
DALI (Digital Addressable Lighting Interface)
DALI (Digital Addressable Lighting Interface)DALI (Digital Addressable Lighting Interface)
DALI (Digital Addressable Lighting Interface)FSP Technology Inc.
 
lenner.pptx
lenner.pptxlenner.pptx
lenner.pptxSreekanthMylavarapu1
 
0 safety presentation master v1
0 safety presentation master v10 safety presentation master v1
0 safety presentation master v1confidencial
 

More Related Content

What's hot

Sil target selection verification exida
Sil target selection verification exidaSil target selection verification exida
Sil target selection verification exidaKoenLeekens
 
Safety instrumented systems angela summers
Safety instrumented systems angela summers Safety instrumented systems angela summers
Safety instrumented systems angela summers Ahmed Gamal
 
Introduction to Functional Safety and SIL Certification
Introduction to Functional Safety and SIL CertificationIntroduction to Functional Safety and SIL Certification
Introduction to Functional Safety and SIL CertificationISA Boston Section
 
Frequently Asked Question (FAQ's) on ISO 26262 Functional Safety
Frequently Asked Question (FAQ's) on ISO 26262 Functional SafetyFrequently Asked Question (FAQ's) on ISO 26262 Functional Safety
Frequently Asked Question (FAQ's) on ISO 26262 Functional SafetyEmbitel Technologies (I) PVT LTD
 
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001Global Manager Group
 
IEC 62061 introduction
IEC 62061 introductionIEC 62061 introduction
IEC 62061 introductionKoenLeekens
 
Celonis_TISAX_Compliance_1_.pdf
Celonis_TISAX_Compliance_1_.pdfCelonis_TISAX_Compliance_1_.pdf
Celonis_TISAX_Compliance_1_.pdfChandra Rao
 
MES (Manufacturing Execution System) Pocket Guide
MES (Manufacturing Execution System) Pocket GuideMES (Manufacturing Execution System) Pocket Guide
MES (Manufacturing Execution System) Pocket GuideVera Leonik-Shilyaeva
 
Basic training water based fire protection
Basic training water based fire protectionBasic training water based fire protection
Basic training water based fire protectionSabrul Jamil
 
SABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextSABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextDavid Sweigert
 
Fm 200 system - working and isolation method
Fm 200 system - working and isolation method Fm 200 system - working and isolation method
Fm 200 system - working and isolation method Simon Paul
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitecturePriyanka Aash
 
Best Approach to Integrate ISO 9001 and ISO 27001 Simultaneously
Best Approach to Integrate ISO 9001 and ISO 27001 SimultaneouslyBest Approach to Integrate ISO 9001 and ISO 27001 Simultaneously
Best Approach to Integrate ISO 9001 and ISO 27001 SimultaneouslyPECB
 
1. safety instrumented systems
1. safety instrumented systems1. safety instrumented systems
1. safety instrumented systemsSaiful Chowdhury
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxDr Madhu Aman Sharma
 
DALI (Digital Addressable Lighting Interface)
DALI (Digital Addressable Lighting Interface)DALI (Digital Addressable Lighting Interface)
DALI (Digital Addressable Lighting Interface)FSP Technology Inc.
 

What's hot (20)

Sil target selection verification exida
Sil target selection verification exidaSil target selection verification exida
Sil target selection verification exida
 
Safety instrumented systems angela summers
Safety instrumented systems angela summers Safety instrumented systems angela summers
Safety instrumented systems angela summers
 
Introduction to Functional Safety and SIL Certification
Introduction to Functional Safety and SIL CertificationIntroduction to Functional Safety and SIL Certification
Introduction to Functional Safety and SIL Certification
 
Frequently Asked Question (FAQ's) on ISO 26262 Functional Safety
Frequently Asked Question (FAQ's) on ISO 26262 Functional SafetyFrequently Asked Question (FAQ's) on ISO 26262 Functional Safety
Frequently Asked Question (FAQ's) on ISO 26262 Functional Safety
 
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001
 
IEC 62061 introduction
IEC 62061 introductionIEC 62061 introduction
IEC 62061 introduction
 
Alarm management at DeltaV
Alarm management at DeltaVAlarm management at DeltaV
Alarm management at DeltaV
 
Celonis_TISAX_Compliance_1_.pdf
Celonis_TISAX_Compliance_1_.pdfCelonis_TISAX_Compliance_1_.pdf
Celonis_TISAX_Compliance_1_.pdf
 
MES (Manufacturing Execution System) Pocket Guide
MES (Manufacturing Execution System) Pocket GuideMES (Manufacturing Execution System) Pocket Guide
MES (Manufacturing Execution System) Pocket Guide
 
Basic training water based fire protection
Basic training water based fire protectionBasic training water based fire protection
Basic training water based fire protection
 
SABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextSABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 context
 
Fm 200 system - working and isolation method
Fm 200 system - working and isolation method Fm 200 system - working and isolation method
Fm 200 system - working and isolation method
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security Architecture
 
Novec 1230
Novec 1230Novec 1230
Novec 1230
 
Standards and protocols instrumentation ( typical)
Standards and protocols instrumentation ( typical)Standards and protocols instrumentation ( typical)
Standards and protocols instrumentation ( typical)
 
ISO 45001:2018 slide show
ISO 45001:2018 slide show ISO 45001:2018 slide show
ISO 45001:2018 slide show
 
Best Approach to Integrate ISO 9001 and ISO 27001 Simultaneously
Best Approach to Integrate ISO 9001 and ISO 27001 SimultaneouslyBest Approach to Integrate ISO 9001 and ISO 27001 Simultaneously
Best Approach to Integrate ISO 9001 and ISO 27001 Simultaneously
 
1. safety instrumented systems
1. safety instrumented systems1. safety instrumented systems
1. safety instrumented systems
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
 
DALI (Digital Addressable Lighting Interface)
DALI (Digital Addressable Lighting Interface)DALI (Digital Addressable Lighting Interface)
DALI (Digital Addressable Lighting Interface)
 

Similar to Why SIL3 (ENG)

0 safety presentation master v1
0 safety presentation master v10 safety presentation master v1
0 safety presentation master v1confidencial
 
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar finalAlgoSec
 
Cisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint WebinarCisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint WebinarAlgoSec
 
SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...
SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...
SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...Gaurav Singh Rajput
 
Securing Industrial Control System
Securing Industrial Control SystemSecuring Industrial Control System
Securing Industrial Control SystemHemanth M
 
Sil explained in valve actuators
Sil explained in valve actuatorsSil explained in valve actuators
Sil explained in valve actuatorsJohn Kingsley
 
Functional Safety (SIL) in the Subsea and Drilling Industry
Functional Safety (SIL) in the Subsea and Drilling IndustryFunctional Safety (SIL) in the Subsea and Drilling Industry
Functional Safety (SIL) in the Subsea and Drilling IndustryLloyd's Register Energy
 
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy ManagementCisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy ManagementAlgoSec
 
Deltav sis-system-overview-brochure-data
Deltav sis-system-overview-brochure-dataDeltav sis-system-overview-brochure-data
Deltav sis-system-overview-brochure-dataNhựt Bằng Nguyễn
 
Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...
Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...
Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...David Sidhu
 
Smart Manufacturing
Smart ManufacturingSmart Manufacturing
Smart ManufacturingCSA Group
 
Key Considerations for Scoping Reinstrumentation Projects
Key Considerations for Scoping Reinstrumentation ProjectsKey Considerations for Scoping Reinstrumentation Projects
Key Considerations for Scoping Reinstrumentation ProjectsYokogawa1
 
Industrial Security.pdf
Industrial Security.pdfIndustrial Security.pdf
Industrial Security.pdfAhmedRKhan
 
5 things you didnt know you could do with security policy management
5 things you didnt know you could do with security policy management5 things you didnt know you could do with security policy management
5 things you didnt know you could do with security policy managementAlgoSec
 
Safety and security in distributed systems
Safety and security in distributed systemsSafety and security in distributed systems
Safety and security in distributed systemsEinar Landre
 

Similar to Why SIL3 (ENG) (20)

lenner.pptx
lenner.pptxlenner.pptx
lenner.pptx
 
0 safety presentation master v1
0 safety presentation master v10 safety presentation master v1
0 safety presentation master v1
 
10. industrial networks safety and security tom hammond
10. industrial networks safety and security tom hammond10. industrial networks safety and security tom hammond
10. industrial networks safety and security tom hammond
 
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
 
CI_SCS_Intro
CI_SCS_IntroCI_SCS_Intro
CI_SCS_Intro
 
Cisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint WebinarCisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint Webinar
 
SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...
SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...
SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...
 
Securing Industrial Control System
Securing Industrial Control SystemSecuring Industrial Control System
Securing Industrial Control System
 
Sil explained in valve actuators
Sil explained in valve actuatorsSil explained in valve actuators
Sil explained in valve actuators
 
Functional Safety (SIL) in the Subsea and Drilling Industry
Functional Safety (SIL) in the Subsea and Drilling IndustryFunctional Safety (SIL) in the Subsea and Drilling Industry
Functional Safety (SIL) in the Subsea and Drilling Industry
 
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy ManagementCisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
 
Deltav sis-system-overview-brochure-data
Deltav sis-system-overview-brochure-dataDeltav sis-system-overview-brochure-data
Deltav sis-system-overview-brochure-data
 
Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...
Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...
Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
 
Smart Manufacturing
Smart ManufacturingSmart Manufacturing
Smart Manufacturing
 
Key Considerations for Scoping Reinstrumentation Projects
Key Considerations for Scoping Reinstrumentation ProjectsKey Considerations for Scoping Reinstrumentation Projects
Key Considerations for Scoping Reinstrumentation Projects
 
Industrial Security.pdf
Industrial Security.pdfIndustrial Security.pdf
Industrial Security.pdf
 
Industrial networks safety & security - e+h june 2018 ben murphy
Industrial networks safety & security - e+h june 2018 ben murphyIndustrial networks safety & security - e+h june 2018 ben murphy
Industrial networks safety & security - e+h june 2018 ben murphy
 
5 things you didnt know you could do with security policy management
5 things you didnt know you could do with security policy management5 things you didnt know you could do with security policy management
5 things you didnt know you could do with security policy management
 
Safety and security in distributed systems
Safety and security in distributed systemsSafety and security in distributed systems
Safety and security in distributed systems
 

More from ie-net ingenieursvereniging vzw

Contactloos volume flow meting op transportbanden (ENG.)
Contactloos volume flow meting op transportbanden (ENG.)Contactloos volume flow meting op transportbanden (ENG.)
Contactloos volume flow meting op transportbanden (ENG.)ie-net ingenieursvereniging vzw
 
Hoe maak ik de omgeving van mijn opslagtank veilig efficient
Hoe maak ik de omgeving van mijn opslagtank veilig efficientHoe maak ik de omgeving van mijn opslagtank veilig efficient
Hoe maak ik de omgeving van mijn opslagtank veilig efficientie-net ingenieursvereniging vzw
 
Elektrische installaties in ruimtes met stofexplosiegevaar (Nl.)
Elektrische installaties in ruimtes met stofexplosiegevaar (Nl.)Elektrische installaties in ruimtes met stofexplosiegevaar (Nl.)
Elektrische installaties in ruimtes met stofexplosiegevaar (Nl.)ie-net ingenieursvereniging vzw
 
Elektrische installaties in ruimtes met stofexplosiegevaar (1.3 Mb) (Nl.)
Elektrische installaties in ruimtes met stofexplosiegevaar (1.3 Mb) (Nl.)Elektrische installaties in ruimtes met stofexplosiegevaar (1.3 Mb) (Nl.)
Elektrische installaties in ruimtes met stofexplosiegevaar (1.3 Mb) (Nl.)ie-net ingenieursvereniging vzw
 

More from ie-net ingenieursvereniging vzw (20)

Ultrasoon_Clamp-on.pdf
Ultrasoon_Clamp-on.pdfUltrasoon_Clamp-on.pdf
Ultrasoon_Clamp-on.pdf
 
Elektromagnetische_debietmeters.pdf
Elektromagnetische_debietmeters.pdfElektromagnetische_debietmeters.pdf
Elektromagnetische_debietmeters.pdf
 
SGS Skybase (NL) .pdf
SGS Skybase (NL) .pdfSGS Skybase (NL) .pdf
SGS Skybase (NL) .pdf
 
VEGA-Radar vs US-26APR2022-NL.pdf
VEGA-Radar vs US-26APR2022-NL.pdfVEGA-Radar vs US-26APR2022-NL.pdf
VEGA-Radar vs US-26APR2022-NL.pdf
 
From process to emission
From process to emissionFrom process to emission
From process to emission
 
Contactloos volume flow meting op transportbanden (ENG.)
Contactloos volume flow meting op transportbanden (ENG.)Contactloos volume flow meting op transportbanden (ENG.)
Contactloos volume flow meting op transportbanden (ENG.)
 
Connecting fieldbus power and knowledge
Connecting fieldbus power and knowledgeConnecting fieldbus power and knowledge
Connecting fieldbus power and knowledge
 
Frequentieregelaars
FrequentieregelaarsFrequentieregelaars
Frequentieregelaars
 
Breekplaten beademingsmachines vlamdover (NED.)
Breekplaten beademingsmachines vlamdover (NED.)Breekplaten beademingsmachines vlamdover (NED.)
Breekplaten beademingsmachines vlamdover (NED.)
 
Veiligheden rond de tank
Veiligheden rond de tankVeiligheden rond de tank
Veiligheden rond de tank
 
Veiligheden rond de tank
Veiligheden rond de tankVeiligheden rond de tank
Veiligheden rond de tank
 
Hima cyber security
Hima cyber securityHima cyber security
Hima cyber security
 
Vik g.haekens-atex risico evaluatie
Vik g.haekens-atex risico evaluatieVik g.haekens-atex risico evaluatie
Vik g.haekens-atex risico evaluatie
 
Hoe maak ik de omgeving van mijn opslagtank veilig efficient
Hoe maak ik de omgeving van mijn opslagtank veilig efficientHoe maak ik de omgeving van mijn opslagtank veilig efficient
Hoe maak ik de omgeving van mijn opslagtank veilig efficient
 
Checklist tankcontrole 2018 bacd
Checklist tankcontrole 2018 bacdChecklist tankcontrole 2018 bacd
Checklist tankcontrole 2018 bacd
 
Controle en ingebruikname van uw opslagtank
Controle en ingebruikname van uw opslagtankControle en ingebruikname van uw opslagtank
Controle en ingebruikname van uw opslagtank
 
Certainly not explosive (Eng)
Certainly not explosive (Eng)Certainly not explosive (Eng)
Certainly not explosive (Eng)
 
Elektrische installaties in ruimtes met stofexplosiegevaar (Nl.)
Elektrische installaties in ruimtes met stofexplosiegevaar (Nl.)Elektrische installaties in ruimtes met stofexplosiegevaar (Nl.)
Elektrische installaties in ruimtes met stofexplosiegevaar (Nl.)
 
Elektrische installaties in ruimtes met stofexplosiegevaar (1.3 Mb) (Nl.)
Elektrische installaties in ruimtes met stofexplosiegevaar (1.3 Mb) (Nl.)Elektrische installaties in ruimtes met stofexplosiegevaar (1.3 Mb) (Nl.)
Elektrische installaties in ruimtes met stofexplosiegevaar (1.3 Mb) (Nl.)
 
Tuev sued-drives-and-controls-2014-presentation
Tuev sued-drives-and-controls-2014-presentationTuev sued-drives-and-controls-2014-presentation
Tuev sued-drives-and-controls-2014-presentation
 

Recently uploaded

Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
Arduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptArduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptSAURABHKUMAR892774
 
welding defects observed during the welding
welding defects observed during the weldingwelding defects observed during the welding
welding defects observed during the weldingMuhammadUzairLiaqat
 
8251 universal synchronous asynchronous receiver transmitter
8251 universal synchronous asynchronous receiver transmitter8251 universal synchronous asynchronous receiver transmitter
8251 universal synchronous asynchronous receiver transmitterShivangiSharma879191
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.eptoze12
 
Vishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documentsVishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documentsSachinPawar510423
 
An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...Chandu841456
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEroselinkalist12
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionDr.Costas Sachpazis
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerAnamika Sarkar
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)dollysharma2066
 
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfCCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfAsst.prof M.Gokilavani
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfme23b1001
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfAsst.prof M.Gokilavani
 
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfgUnit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfgsaravananr517913
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvLewisJB
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...asadnawaz62
 
US Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionUS Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionMebane Rash
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 

Recently uploaded (20)

Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
Arduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptArduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.ppt
 
welding defects observed during the welding
welding defects observed during the weldingwelding defects observed during the welding
welding defects observed during the welding
 
8251 universal synchronous asynchronous receiver transmitter
8251 universal synchronous asynchronous receiver transmitter8251 universal synchronous asynchronous receiver transmitter
8251 universal synchronous asynchronous receiver transmitter
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.
 
Vishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documentsVishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documents
 
An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
 
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfCCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdf
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
 
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfgUnit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvv
 
Design and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdfDesign and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdf
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...
 
US Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionUS Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of Action
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 

Why SIL3 (ENG)

  • 1. Why SIL3? Josse Brys TUV Engineer j.brys@hima.com
  • 2. 22 Agenda • Functional Safety • Good planning if specifications are not right? • What is the difference between a normal safety and SIL3 loop? • How do systems achieve safety? • Layers of protection • Are you safe if you buy a SIL3 PLC? • Safety & non safety in one application or separate safety and non-safety • Cyber security
  • 4. 44 HIMA: Safety Systems Others: Safety is small part of their business HIMA SIS SIS Others Introduction HIMA HIMA is focused on Safety Systems
  • 5. 55 SIL 3, SIL4 Safety PLC’s Railways TMC BCS ESD F&G HIPPS Pipeline Logistics Nuclear HIMA solutions for Introduction HIMA
  • 6. 66 Safety ? Why should we invest in safety? ‣ You think safety is expensive, try an accident… ‣ Today an accident cost more than 10x the investment in the process ‣ We have had terrible accidents in the past ‣ We learned, but accidents with serious impact still happen today
  • 8. 88 Safety Integrity Level - SIL SIL is how we measure the performance of safety functions carried out by safety instrumented systems SIL has 3 sides to the story ‣ Process owners: Which safety functions do I need and how much SIL do I need? ‣ Engineering companies, system integrators, product developers: How do I build SIL compliant safety devices, functions or systems? ‣ Process operators: How do I operate, maintain and repair safety functions and systems to maintain the identified SIL levels?
  • 10. 1010 SIL levels Most famous SIL requirement is the Probability of Failure on Demand PFDavg = Probability of Failure on Demand average
  • 11. 1111 Functional Safety A safety instrumented system is 100% functionally safe if All random, common cause and systematic failures do not lead to malfunctioning of the safety system and do not result in ‣ Injury or death of humans ‣ Spills to the environment ‣ Loss of equipment or production ‣ 100% functional safety does not exist but SIL 1, 2, 3 or 4 does
  • 12. 1212 Common cause does not happen? Complete plant flooded because of heavy rainfall, bad drainage and dike
  • 13. 1313 Good planning if specifications are not right? IEC 61508 Lifecycle Concept
  • 14. 1414 Good planning if specifications are not right? Lifecycle & Frequency of Failures
  • 15. 1515 Good planning if specifications are not right? Think the following: Your specifications = a red car with a horse What would you get?
  • 16. 1616 A red car with a horse
  • 17. 1717 A red car with a horse
  • 18. 1818 What is the difference between a normal safety and SIL3 loop? • SIL 1 Typically easy to achieve using standard components • Through the selection of certified components, can achieve SIL 2 with single channel sensing or final elements • Still need to consider the systematic capability for the devices, however these are less stringent for SIL 1 or 2 • Lifecycle cost typically the same as a normal BPCS loop. NORMAL LOOP BPCS = Basic Process Control System
  • 19. 1919 • Redundancy requirements for sensing and final elements Required by Tables 2 and 3 of 61508-2. Based on SFF Safe Failure Fraction = A measure of the effectiveness of the fail safe design and/or the built-in diagnostic tests Depending on the logic solver, can be single channel • Proof Test Coverage can be a limiting factor • Systematic requirements higher Requires careful selection of devices to ensure this is achieved. May rule out your normal supplier • Life cycle cost much higher What is the difference between a normal safety and SIL3 loop? SIL 3 LOOP
  • 20. 2020 • The higher the SIL the more techniques and measures are required to detect, control and avoid human error • SIL 1 Typically easy to achieve using a standard QMS system with added competence requirements • SIL 2 requires an “advanced” system with competence management and reliance on testing • SIL 3 has stringent requirements governing diversity in design, competence of a high order and stringent testing requirements What is the difference between a normal safety and SIL3 loop?
  • 21. 2121 How do systems achieve safety? Safety Instrumented System
  • 22. 2222 How do systems achieve safety? 1oo3
  • 23. 2323 How do systems achieve safety? Input Output 2oo3 A B C Voting systems 2oo3 Voting 1oo2D Diagnostic systems Diagnostics Diagnostics Input Output µP µP Diag. Diagnostics Diagnostics Diagnostics
  • 24. 2424 How do systems achieve safety?
  • 25. 2525 Layers of protection Increase safety and cyber security prevent mitigate
  • 26. 2626 Layers of protection Specific • must be specifically designed to be capable of preventing the consequences of the potentially hazardous event Independent • must be completely independent from all other protection layers Dependable • must be capable of acting dependably to prevent the consequence from occurring (systematic and random faults) Auditable • must be tested and maintained to ensure risk reduction is continually achieved
  • 27. 2727 Layers of protection – The 3 “ENOUGHS” • Big Enough • Must be big enough to cope the with the potential hazard • Fast Enough • Must be fast enough to sense and react to prevent the potential • Strong Enough • Must be able to survive all arising situations when preventing the hazardous event.
  • 28. 2828 Are you safe if you buy a SIL3 PLC? • NO!!! • Need to consider Sensing and final elements • Need to consider Systematic Capability This applies to the integrator of the Logic Solver – important to look at their quality system Apples to the installer of the Safety Integrated Functions – important to look at their quality system • Need to carefully consider Proof Test Intervals and Proof test coverage Short proof test intervals should be avoided as the testing requirements often require plant shutdown Incorrect to assume that the proof test is perfect This can have a profound effect on the result because we are dealing with very small numbers
  • 29. 2929 Safety & non safety in one application or separate safety and non-safety • Considerations for separating: Hazards are caused by the non safety application Risk assessment not able to separate the causes Required by Buncefield recommendation 3 – “physical and electrical independence” Need for Cyber security • Considerations for systematic capability!!! Often the same person programming the non-safety will be programming the safety!
  • 30. 3030 Safety & non safety in one application or separate safety and non-safety prevent mitigate
  • 31. 3131 Safety & non safety in one application or separate safety and non-safety The risk we talk about is related to a hazard ‣ Risk is a combination of ‣ The severity of consequences (C) ‣ The frequency of occurrence (F) ‣ Risk = C x F Risksafety = probability of a damage * potential of the damage
  • 32. 3232 Security is a foundation for safety. Functional safety Risksafety = probability of a damage * potential of the damage World Sys. +Cyber security Risksecurity = threat * vulnerability * potential of the damage World Sys. Safety World Sys.
  • 33. 3333 Compartmentalize. Avoid universal access. Enterprise Plant DMZ Control Center SIS BPCS Plant Conduit Conduit Conduit Internet
  • 34. 3434 Security is a process. Risk analysis Protect Detect React Security is a process to reduce the risk of damage due to external influence. This process can be supported by technical measures. Source: IEC 62443-3-3 Both the IEC 61511 (safety) and the draft of the IEC 62 443 (security) demand to build systems in multiple layers of protection. (Defense in the Depth) Enterprise Plant DMZ Control Center SIS BPCS Plant Conduit Conduit Conduit Internet
  • 35. 3535 Segregation of non safe networks. Besides the usage of VLAN HIMax offers a complete segregation. This interference free implementation guarantees segregated networks even for non safe protocols. Max. Safety (SIL3). Max. Availability for safeethernet. Max. Availability for non safe communication. X-CPU X-SB RJ45 Safety-Net X-COM RJ45 Field Net X-COM RJ45 DCS-Net
  • 36. 3636 Security is supported by HIMA Products: High quality development process HIMA products are developed for safety following the four eyes principle Only documented ports for communication available no backdoor Minimal attack surface, only required services are integrated. Systematic use separate system supports the avoidance of common cause failures and the multi-layer protection concept. Products with Security Features Segregation of safety network (CPU) and non safety network (COM) Standard Ethernet protocols can be used with any firewall. blocking of control function via key switch Display of program changes in the DCS system via CRC Unused physical ports can be closed by using port-based VLAN. High-quality programming environment SILworX checks all software components prior to use. Code comparison to detect changes in the user program. 2-level user management Simple Project backup (one file) User access in Windows is sufficient. Secure OPC Server runs as a service, no login to Windows is required.
  • 37. 3737 Be reluctant to trust. … even vendors of secure products have to admit failures.
  • 38. 3838 Always the right solution ? 38 HIMA can help you getting the right solution and have the right safety system you need! Maximum security and availability