4. www.csagroup.org
Opportunities and Challenges
4
“No single set of Standards,
Regulations and forms of
Certifications.
* Industry 4.0 – Opportunities and Challenges of the Industrial Internet,
pwc, Dec. 2014
HUMAN-MACHINE COLLABORATION
5. www.csagroup.org
Case Study: Is the “Robot Tamer” safely protected?
5
Control Industrial Machines With Simple Gestures
*https://vimeo.com/channels/staffpicks/148982525
6. www.csagroup.org
IT meets OT @ Industrial Control System (ICS)
Operations Technology (OT)
• “Is hardware and software that
detects or causes a change
through the direct monitoring
and/or control of physical
devices, processes and events
in the enterprise.”
Information Technology (IT)
• “The entire spectrum of
technologies for information
processing, including software,
hardware, communications
technologies and related
services. In general, IT does not
include embedded technologies
that do not generate data for
enterprise use.”
6
8. www.csagroup.org
Safety/Security Principles in OT & IT
8
Operations
Technology (OT)
Information
Technology (IT)
Security
Confidentiality
Integrity
Availability
Safety
+ Importance Importance +
9. www.csagroup.org
Safety & Security protecting the ICS from failures
Safety
• To protect systems from accidental
failures to avoid hazards.
Security
• Focus on protecting systems from
failures through intentional
malicious attacks.
9
ICS is only as Safe as it is Secure.
11. www.csagroup.org
Functional Safety Standards vs. Product Segments
11
Consumer Products ,
motors and generators (C22.2 no.
77, 100, UL1004,2111),
X X X
Fuel Cell Power Systems - stnry
ANSI/CSA FC1 UL991
X X
lighting equipment x x
Portable tools X X X X
temperature Indicating and
regulating devices.
X X
Limits controls (UL 353, CSA 24) X
electronically operated valves X X
Appliances, cooking range controls X X X X X X
Smart sensors, PLC, LS, valves,
actuators, beacon, sounders,
safety relays, switches,circuit
X X X X X X X X
EPC, System Integrator, safety
product manufacturer
X X X x x x X
X
X
Gas & Flame detectors, SILS X X X X X X X
Automatic electrical controls for
house hold & Industrial gas burner,
CSA -C22.2 no. 60730-2-5;
X X X
X
Safety Devices, to support Ex
equipment, ie , motors etc
X X X X X X X
Risk Assessment X X
Safety of Machinery, decoder,
scanner, automatic door / garage
/gates
X X X X X X X
Safety laser scanner, safety light
curtains
X X X
Veriable speed controller. X X
Safety of Robots X X X X X X X
Lifts, elevators X
Diesel / battery engine/F lift X X X X
Battery storage X
Medical Devices X X
Functional
Safety Sectors vs. Standards
2017-05-10
EN 298, EN 13611, CSA
60730-2-5
UL 858A
EN ISO 13482:2014
EN 50402
IEC/CSA/ISA 60079-29-1
EN 13611
CSA B44/ASME A17.1
IEC 62304 (SW)
CSA No. 0.8-12
UL 1998, UL 991
CSA/ UL/ 60730-1 anx H
IEC 60730-1 Ed. 4 & 5
CSA E60335-1
IEC 61508 (1,2), FSM,HW
FS Standards, Home & COM
commercial, Appliances
IEC 62061
ISO 13849-1
IEC 61508-3 SW
IEC 61511-1
ISO 12100
CSA 205-12
IEC 62841-1
CSA 139-113
CSA FC 1-3 2014
IECEx: IEC 60079-33
EN 1755
EN 50271
IEC 60204
CSA NO. 301-16
IEC 61496
EN 12978 / EN 16005
CSA 60601-1 Ed. 3.1
FS Standards, INDUSTRIAL
PROCESS MACHINERY
IEC 61800-5-2
UL 1973 /UL 9540
ATEX, IECEx, Ordinary Location
FUNCTIONAL SAFETY, HAZLOC FS
medical
UL 1740, ISO 10218
ATEX: EN 50495
IECEx: IEC 60079-42
12. www.csagroup.org
Functional Safety Assessment to IEC 61508
12
PRODUCT Certification
HARDWARE
SAFETY
ASSESSMENT
USING FMEDA
SYSTEMATIC
CAPABILITY
USING CASS
METHODOLOGY
PRODUCE
CERTIFICATE
INDEPENDANTLY
ASSESSED
ISSUE
CERTIFICATE
13. www.csagroup.org
Functional Safety Assessment to IEC 61508
13
GAP
ASSESSMENT
Processes and
Procedures
Audit Functional
Safety Management
(Hardware / Software
Capability)
USING CASS
METHODOLOGY
PRODUCE
CERTIFICATE
INDEPENDANTLY
ASSESSED
ISSUE
CERTIFICATE
COMPANY Certification
15. www.csagroup.org
Overview of ISA 99 / IEC 62443-x family
General
Policies&
Procedures
SystemComponent
Master glossary of
terms and
abbreviations
ISA – 62443-1-2
Terminology,
concepts and
models
ISA – 62443-1-1
System security
compliance metrics
ISA – 62443-1-3
Security lifecycle
and use-case
ISA – 62443-1-4
Security levels for
zones and conduits
ISA – TR62443-3-2
Security
technologies
ISA – TR62443-3-1
System security
requirements and
security levels
ISA – TR62443-3-3
Technical security
requirements for
components
ISA – TR62443-4-2
Product
development
requirements
ISA – TR62443-4-1
Implementation
guidance
ISA – 62443-2-2
Requirements
ISA – 62443-2-1
Patch management
in the environment
ISA – 62443-2-3
Requirements for
solution suppliers
ISA – 62443-2-4
17. www.csagroup.org
CSA Group Cybersecurity Services
• Gap Analysis
– Evaluation of the maturity of cybersecurity controls implemented in product, service or company
– Determines the overall areas of cybersecurity weakness and necessary improvements
– Evaluation to following standards:
• ISO/IEC 62443
• ISO/IEC 27001
• ISO/IEC 27034
• UL2900
• Security Development Lifecycle Assurance (SDLA)
– Framework defines the process used to build a product from inception to decommission
– Product is developed, maintained and decommissioned with “secure by design” approach
– Engage early in design stage
• Embedded Device Security Assurance (EDSA)
– Third-party assurance on the security of embedded devices and device supplier’s development
process
– Examine how well embedded device meets ISA Secure EDSA specifications.
– Includes three elements:
• Functional Security Assessment (FSA)
• Software Development Security Assessment (SDSA)
• Communication Robustness Testing (CRT)
• Bench Testing
– Independent product testing in a lab environment for known vulnerabilities
– Tests product robustness & resilience against known cyber-attacks
– Testing only without attestation
18. www.csagroup.org
“Be an Enabler to help our
customers to succeed.
ü in various ways to support you:
- training & bootcamp;
- gap analysis for existing product design;
- certifications for worldwide market access.
CSA Group
19. www.csagroup.org
Your most trusted advisors
• China/Asia:
– Gary Lin (gary.lin@csagroup.org)
• Europe:
– Rene Bienwald (rene.bienwald@csagroup.org)
• North America:
– Wesley Meiers (wesley.meiers@csagroup.org)