Safety for Automation and Control Networks - Peter Brown

Engineering
with PROFIsafe
Pete Brown
Siemens Customer
Services
Pete Brown / PROFIsafe

What do we mean by “Safety”
“The condition of being safe; freedom from danger, risk, or injury.”
In the UK (and Europe) this can cover many areas and industries, for example:
Supply of Machinery (Safety) Regulations
Electromagnetic Compatibility Regulations
Electrical Equipment (Safety) Regulations
Pressure Equipment Regulations
Simple Pressure Vessels (Safety) Regulations
Equipment and Protective Systems Intended for Use in Potentially Explosive Atmospheres
Regulations
Lifts Regulations
Medical Devices Regulations
Gas Appliances (Safety) Regulations
Pete Brown / Engineering with PROFIsafe
Important: It is essential to have some
form of risk assessment / risk analysis
e.g. HAZAN / HAZID / HAZOP / RA to
ISO 12100

Legislation / HASAWA 1974
It shall be the duty of every employer to conduct his undertaking in such a way as to ensure, so far as is
reasonably practicable, that persons not in his employment who may be affected thereby are not thereby
exposed to risks to their health and safety.
It shall be the duty of any person who designs, manufactures, imports or supplies any article for use at
work –
(a) to ensure, so far is reasonably practicable, that the article is so designed and constructed as to be safe and
without risks to health when properly used;
(b) to carry out or arrange for the carrying out of such testing and examination as may be necessary for the
performance of the duty imposed on him by the preceding paragraph;
(c) to take such steps as are necessary to secure that there will be available in connection with the use of the
article at work adequate information about the use for which it is designed and has been tested, and about
any conditions necessary to ensure that, when put to that use, it will be safe and without risks to health.
3

Legislation / General
The Management of Health and Safety at Work Regulations
SCR The Offshore Installations (Safety Case) Regulations
PFEER The Offshore Installations (Prevention of Fire and Explosion, and
Emergency Response) Regulations
COMAH Control of Major Accident Hazards Regulations
DSEAR Dangerous Substances and Explosive Atmospheres Regulations
Machinery Directive, Low Voltage Directive, EMC Directive
Consumer Protection Act 1987
New for 2015! COMAH – HSE ECI Delivery Guide
What defines the minimum we should do?:
Harmonized Standards
Approved Code of Practice
International Standards
4
Forseeable mis-use
IT security
Unexpected start-up
Fault masking

Expectations for Safety-Related controls
As Low As Reasonably Practicable (ALARP)
So Far As Is Reasonably Practicable (SFAIRP)
What do these terms mean?
What do these terms for Automation & Control
5

What does this
mean for
Automation
Engineers
Functional Safety

‘Best Practice’
7
IEC 61508
IEC 62061 ISO 13849
EN954
(until 2011)
IEC 61511
Process
Industry Manufacturing Industry
Focus
ProductManufacture
Focus
Integration
Relevant good
practice
Harmonized
standards

Basic Lifecycle Concept
8
Pete Brown / Handling Functional Safety
Functional Safety
Control of dangerous
failures during
operation through
Robust Design
Control and avoidance
of systematic failures
through Robust
Processes
Safety Lifecycle Requirement
Engineering / Design
System Architecture
Failure Probability
Planning / Processes
Safety Management
Verification / Responsibilities

How does
PROFIsafe
help?
Modern
Requirements and
Best Practice
9
Pete Brown / Handling Functional Safety

PROFIsafe – The Vision
10
Profibus DP
Standard-Host/PLC
F-Gate-
way
other
Safety-
Bus
Repeater
Standard-I/O
Master-Slave
Assignment
F-Field-
Device
DP/PA
Coexistence of standard and failsafe communication
F-Host/FPLC
Standard-I/O
F-I/O
Engineering Tool
PG/ES with
secure access
e.g. Firewall
TCP/IP
F = Failsafe
F-Sensor F-Actuator

Safety-related Controls
11
PROFIBUS DP
Standard-I/O
(DP-Slave)
Standard-Host/PLC
(DP-Master , class1)
Standard-I/O
(DP-Slave)
Proprietary safety busses Conventional
safety technology
e.g. PNOZ, 3TK
DiagnosisDiagnosisStandard
Functional
safety
Relais
Safety PLC Safety I/O
Wiring?
Flexibility?
Seamless
engineering?
Space?

Cyclic Communication
12
F-Host / FPLC
Laserscanner Standard-I/O F-I/O Drive with integrated
Safety
1:1 Communication relationship
between master and slave1
2
Bus cycle

PROFIsafe – ISO/OSI Model
13
"Black Channel": ASICs, Links, Cables, etc. Not safety relevant
"PROFIsafe": Safety critical communications systems: Addressing, Watch Dog Timers,
Sequencing, Signature, etc.
Safety relevant, Not part of the PROFIsafe: Safety I/O / Safety Control Systems
Non safety critical functions, e.g. diagnostics
Standard-
I /O
Standard
Control
1
2
7
1
2
7
1
2
7
1
2
7
1
2
7
Safety
Input
Safety
Control
Safety
Output
Safety-LayerSafety-LayerSafety-Layer
e.g.. Diagnostics

PROFIsafe – Add-on Strategy
14
Standard
engineering
tool
STEP 7
Standard
CPU
Standard
PROFIBUS DP
Standard
Remote I/O
Failsafe engineering
Tool
Distributed Safety
Failsafe
I/O Modules
PROFIsafe
Failsafe
Application
ProgramF-Hardware

PROFIsafe - Program
15
Coexistence of standard program and safety-related program on one CPU.
Changes to the standard program have no effect on the integrity of the safety-related
program section.
Standard program
Safety program
Standard program

PROFIsafe – Coded Processing
16
Time redundancy and diversity replace complete redundancy
Time redundancy
Time
Diverse
Operation
Operation
Coding Comparison
Diverse
Operators
Operators
Diverse
Output
Output
Stop
by D /C
D = /C
CA, B
/A, /B
OR
AND

PROFIsafe - Basics
17
“Blackchannel"
PROFIsafe
layer
PROFIsafe
layer
Standard
data
Fail-safe
data
Standard
bus
protocol
Standard
data
Fail-safe
data
Standard
bus
protocol
PROFIBUS
PROFINET
First standard of communication in accordance with safety standard IEC 61508.
PROFIsafe supports safe communication for the open standard PROFIBUS and
PROFINET.
The PROFIsafe meets possible faults like address error, delay, data loss with
Serial numeration of PROFIsafe-telegram
Time monitoring
Authenticity monitoring
Optimized CRC-checking
PROFIsafe supports standard- and failsafe
Communication by one medium

PROFIsafe - Checks
18
Failure type:
Remedy: Consecutive
Number
Time Out
with Receipt
Codename for
Sender and
Receiver
Data
Consistency
Check
Repetition
Deletion
Insertion
Resequencing
Data Corruption
Delay
Masquerade (standard
message mimics failsafe)
Revolving memory failure
within switches
Overview:
Possible Errors
and detection
mechanism

PROFIsafe safety PDU
19
S S S S
Standard PROFINET IO messages
F Input/Output Data Status /
Control Byte
CRC2
across
F I/O data, Status or
Control Byte,
F-Parameter,
and Vconsnr_h
Max. 12 / 123 Bytes 1 Byte 3/4 Bytes *) *) 3 Bytes for a max. of
12 Byte F I/O data
4 Byte for a max. of
123 Bytes F I/O data
PROFIsafe container =
Safety PDU

Wireless Communication
20
Industrial Ethernet Backbone Industrial Ethernet Backbone
Automated
Guided
Vehicle (AGV)
Separated PLC
network on rotating
and moving parts
Mobile commissioning
and diagnosis
Access
Point
Access
Point
Access
Point
Client Client

Wireless Communication
21
Wireless
transmission
(WLAN, Bluetooth)
No special safety certification
PROFIsafe approved for BEP up to 10-2
Data Security to be assured by the wireless components
"Stationary" Applications (well-defined locations and movements): No constraints and special
assessments as long as two points are connected via wireless components.
Mobile deployment of wireless components in most cases can only be accepted under certain
contraints (e.g. unambiguous allocation of E-Stop to the hazardous final element). Thus, an
emergency stop button at a mobile operator panel with WLAN transmission is not automatically
permitted even if the transmission is correct from a safety point of view (which is true for PROFIsafe).
Wireless and PROFIsafe is not a question of safety but a question of availability. Currently, only a
maximum of one nuisance trip per work shift (= SIL monitor time = 10h) is permitted at a BEP of 10-2.
(BEP = Bit error probability)

Security for
Industrial
Automation
Considering the
PROFINET Security
Guideline

Cyber Security
What Cyber Security legislation applies?
What is the current state of the market?
Centre for the Protection of National Infrastructure (CPNI)
The Network and Information Security (NIS) Directive
“Providers of essential services”
Confidentiality, Integrity, Availability (CIA)
Availability, Integrity, Confidentiality (AIC)
People, Environment, Asset, Reputation (PEAR)

Industrial IT Security
24
DCS/
SCADA*
*DCS: Distributed Control System
SCADA: Supervisory Control and Data Acquisition
Potential
Attack
Plant Security
Physical Security
• Physical access to facilities and equipment
Policies & Procedures
• Security management processes
• Operational Guidelines
• Business Continuity Management &
Disaster Recovery
Network Security
Security Zones & DMZ
• Secure architecture based on network segmentation
Firewalls and VPN
• Implementationof Firewalls as the only access
point to a security cell
System Integrity
System Hardening
• Adapting system to be secure by default
User Account Management
• Access control based on user rights and
privileges
Patch Management
• Regular implementation of patches and updates
Malware Detection and Prevention
• Anti Virus and Whitelisting

PROFINET Security Concept
The PROFINET Security Concept
From the PROFINET Security Guideline
Network Architecture – Security Zones
Trust Concept – within Zones
Perimeter Defence – Firewall/VPN
Provision of Confidentiality and Integrity
Transparent Integration of Firewalls
25

Secure Automation Cells (Zones)
26
Complete plant security
Secure automation cells
Internet

Methods for Network Security
Security issues and vulnerabilities need to be addressed
There are many methods
How can we address these vulnerabilities using these techniques:
Firewall
Protect against unauthorized access
VLAN (Virtual Local Area Network)
Logical network that operates on the basis of a physical network
DMZ (De-Militarized Zone)
Exchange data with external partners via safe areas
VPN (Virtual Private Network)
Secure tunnel between authenticated users
What is the minimum we should be doing today?
27
National Infrastructure
IT security RA
Assess Safety Functions
IEC 62443 / Zoning

Any questions? Peter Brown
Product Specialist
Siemens Customer Services
Mobile: 07808 825551
Email: brown.peter@siemens.com

Safety for Automation and Control Networks - Peter Brown

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (15)

Similar to Safety for Automation and Control Networks - Peter Brown

Similar to Safety for Automation and Control Networks - Peter Brown (20)

More from PROFIBUS and PROFINET InternationaI - PI UK

More from PROFIBUS and PROFINET InternationaI - PI UK (20)

Recently uploaded

Recently uploaded (20)

Safety for Automation and Control Networks - Peter Brown