Why SIL3?
Josse Brys, TÜV Engineer, HIMA (j.brys@hima.com)

Agenda
- Functional safety
- Good planning if the specifications are not right?
- What is the difference between a normal safety loop and a SIL 3 loop?
- How do systems achieve safety?
- Layers of protection
- Are you safe if you buy a SIL 3 PLC?
- Safety and non-safety in one application, or separate safety and non-safety?
- Cyber security

Introduction: HIMA helps to prevent ... [slide shows pictures of incidents and the HIMA SIS]

Introduction: HIMA is focused on safety systems (SIS). [Chart: for HIMA, safety systems are the whole business; for other suppliers, safety is a small part of their business.]

Introduction: HIMA SIL 3 and SIL 4 safety PLCs. HIMA solutions for railways, TMC (turbomachinery control), BCS (burner control systems), ESD (emergency shutdown), F&G (fire and gas), HIPPS (high integrity pressure protection systems), pipelines, logistics and nuclear.

Safety? Why should we invest in safety?
- If you think safety is expensive, try an accident.
- Today an accident costs more than 10 times the investment in the process.
- We have had terrible accidents in the past.
- We learned, but accidents with serious impact still happen today.

Functional Safety Standards [figure: overview of the standards; the deck refers to IEC 61508 and IEC 61511]

Safety Integrity Level (SIL)
SIL is how we measure the performance of safety functions carried out by safety instrumented systems. SIL has three sides to the story:
- Process owners: which safety functions do I need, and how much SIL do I need?
- Engineering companies, system integrators, product developers: how do I build SIL-compliant safety devices, functions or systems?
- Process operators: how do I operate, maintain and repair safety functions and systems so that the identified SIL levels are maintained?

SIL levels: risk reduction [figure]

SIL levels: the best-known SIL requirement is the average probability of failure on demand, PFDavg. For low-demand functions IEC 61508 ties each level to a PFDavg band: SIL 1 from 10^-2 to below 10^-1, SIL 2 from 10^-3 to below 10^-2, SIL 3 from 10^-4 to below 10^-3 and SIL 4 from 10^-5 to below 10^-4. The risk reduction factor is RRF = 1/PFDavg, so SIL 3 means a risk reduction between 1,000 and 10,000.

Functional safety
A safety instrumented system is 100% functionally safe if all random, common cause and systematic failures do not lead to malfunctioning of the safety system and do not result in:
- injury or death of humans
- spills to the environment
- loss of equipment or production
100% functional safety does not exist, but SIL 1, 2, 3 or 4 does.

Common cause does not happen? [Photo: a complete plant flooded because of heavy rainfall, bad drainage and dikes.]

Good planning if the specifications are not right? [Figure: IEC 61508 lifecycle concept]

Good planning if the specifications are not right? [Figure: lifecycle and frequency of failures]

Good planning if the specifications are not right? Think of the following: your specification says "a red car with a horse". What would you get? [Two picture slides titled "A red car with a horse"]

What is the difference between a normal safety loop and a SIL 3 loop? Normal loop, SIL 1:
- Typically easy to achieve using standard components.
- Through the selection of certified components, SIL 2 can be achieved with single-channel sensing or final elements.
- The systematic capability of the devices still has to be considered, but the requirements are less stringent for SIL 1 or 2.
- Lifecycle cost is typically the same as for a normal BPCS (basic process control system) loop.

What is the difference between a normal safety loop and a SIL 3 loop? SIL 3 loop:
- Redundancy requirements for sensing and final elements, required by Tables 2 and 3 of IEC 61508-2 and based on the SFF (safe failure fraction), a measure of the effectiveness of the fail-safe design and/or the built-in diagnostic tests.
- Depending on the logic solver, the logic solver can be single channel.
- Proof test coverage can be a limiting factor.
- Systematic requirements are higher.
- Requires careful selection of devices to ensure this is achieved; it may rule out your normal supplier.
- Lifecycle cost is much higher.

What is the difference between a normal safety loop and a SIL 3 loop? The higher the SIL, the more techniques and measures are required to detect, control and avoid human error:
- SIL 1: typically easy to achieve using a standard QMS (quality management system) with added competence requirements.
- SIL 2: requires an advanced system with competence management and reliance on testing.
- SIL 3: stringent requirements governing diversity in design, competence of a high order and stringent testing.

How do systems achieve safety? [Figure: safety instrumented system]

How do systems achieve safety? [Figure: 1oo3 architecture]

How do systems achieve safety? [Diagram: inputs A, B and C, each with diagnostics, feeding two microprocessors with diagnostics; 2oo3 voting on the inputs and a 1oo2D output. Voting systems and diagnostic systems.]

How do systems achieve safety? [Figure]

Layers of protection: prevent and mitigate. Increase safety and cyber security. [Figure: layers of protection]

Layers of protection
- Specific: must be specifically designed to be capable of preventing the consequences of the potentially hazardous event.
- Independent: must be completely independent from all other protection layers.
- Dependable: must be capable of acting dependably to prevent the consequence from occurring (against systematic and random faults).
- Auditable: must be tested and maintained to ensure that the risk reduction is continually achieved.

Layers of protection: the three "enoughs"
- Big enough: must be big enough to cope with the potential hazard.
- Fast enough: must be fast enough to sense and react in time to prevent the potential hazard.
- Strong enough: must be able to survive all situations that arise while preventing the hazardous event.

Are you safe if you buy a SIL 3 PLC? NO!!! You need to consider:
- The sensing and final elements.
- Systematic capability. This applies to the integrator of the logic solver (look at their quality system) and to the installer of the safety instrumented functions (look at their quality system).
- Proof test intervals and proof test coverage, carefully. Short proof test intervals should be avoided, as the testing often requires a plant shutdown. It is incorrect to assume that the proof test is perfect; this can have a profound effect on the result because we are dealing with very small numbers.
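The redundancy, SFF and proof test points made on the SIL 3 loop slide and on this slide can be put into numbers. The following is an added example in Python, not HIMA's material: it computes PFDavg for a single-channel loop, for a loop with redundant field devices behind the same SIL 3 logic solver, and for that redundant loop when the valve only gets a partial stroke test, then caps each result by the architectural constraints (SFF and hardware fault tolerance) of IEC 61508-2. The failure rates, proof test coverages, beta factor, mission time and device names are constructed illustration values, not vendor FMEDA data.

```python
"""
Added example, not from the HIMA slides: a simplified low-demand SIL check
for one safety instrumented function (sensor + logic solver + final element).
PFDavg uses the simplified IEC 61508-6 formulas for 1oo1, 1oo2 and 2oo3 with a
beta-factor common-cause term (repair-time terms dropped); the fraction of
dangerous undetected failures that the proof test does not cover is assumed
to persist until the mission time ends. The architectural limit follows the
SFF / hardware-fault-tolerance tables of IEC 61508-2 (route 1H). Failure
rates, proof test coverages and device names are constructed illustration
values, not vendor FMEDA data.
"""
from dataclasses import dataclass

FIT = 1e-9                  # one failure per 1e9 hours
YEAR = 8760                 # hours
MISSION = 20 * YEAR         # assumed plant lifetime, for failures the proof test misses
HFT = {"1oo1": 0, "1oo2": 1, "2oo3": 1}   # hardware fault tolerance per architecture


@dataclass(frozen=True)
class Device:
    name: str
    lam_s: float            # safe failure rate (/h)
    lam_dd: float           # dangerous detected failure rate (/h)
    lam_du: float           # dangerous undetected failure rate (/h)
    type_b: bool            # IEC 61508-2 type B (complex, e.g. microprocessor based)

    def sff(self) -> float:
        """Safe failure fraction: share of all failures that are safe or diagnosed."""
        return (self.lam_s + self.lam_dd) / (self.lam_s + self.lam_dd + self.lam_du)


def pfd_avg(arch: str, lam_du: float, t1: float, beta: float = 0.1,
            ptc: float = 1.0, mission: float = MISSION) -> float:
    """PFDavg of one voted group; t1 = proof test interval (h), ptc = proof test coverage."""
    def group(lam: float, t: float) -> float:
        if arch == "1oo1":
            return lam * t / 2
        both = ((1 - beta) * lam * t) ** 2      # independent failure of two channels
        common = beta * lam * t / 2             # beta-factor common cause term
        if arch == "1oo2":
            return both / 3 + common
        if arch == "2oo3":
            return both + common
        raise ValueError(arch)
    # covered failures are cleared every t1; the rest only at the end of the mission
    return group(lam_du * ptc, t1) + group(lam_du * (1 - ptc), mission)


def sil_from_pfd(pfd: float) -> int:
    """Low-demand SIL bands of IEC 61508-1 (PFDavg >= 1e-1 earns no SIL)."""
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < upper:
            return sil
    return 0


def sil_from_architecture(dev: Device, arch: str) -> int:
    """Highest SIL the SFF and HFT allow (IEC 61508-2 Table 2 type A / Table 3 type B)."""
    sff = dev.sff()
    band = 0 if sff < 0.60 else 1 if sff < 0.90 else 2 if sff < 0.99 else 3
    type_a = ((1, 2, 3), (2, 3, 4), (3, 4, 4), (3, 4, 4))     # rows: SFF band, cols: HFT 0/1/2
    type_b = ((0, 1, 2), (1, 2, 3), (2, 3, 4), (3, 4, 4))
    return (type_b if dev.type_b else type_a)[band][HFT[arch]]


def sif_sil(loop, t1: float = YEAR):
    """loop = [(device, architecture, proof test coverage), ...]; returns (SIL, PFDavg)."""
    pfd = 0.0
    limit = 4
    for dev, arch, ptc in loop:
        pfd += pfd_avg(arch, dev.lam_du, t1, ptc=ptc)
        limit = min(limit, sil_from_architecture(dev, arch))
    return min(sil_from_pfd(pfd), limit), pfd


# constructed devices (values chosen for illustration only)
TX = Device("pressure transmitter", 400 * FIT, 300 * FIT, 50 * FIT, type_b=True)   # SFF 93 %
PLC = Device("SIL 3 safety PLC", 1000 * FIT, 500 * FIT, 5 * FIT, type_b=True)      # SFF 99.7 %
XV = Device("shutdown valve", 500 * FIT, 0.0, 300 * FIT, type_b=False)              # SFF 62.5 %

NORMAL_LOOP = [(TX, "1oo1", 1.0), (PLC, "1oo1", 1.0), (XV, "1oo1", 1.0)]   # single channel everywhere
SIL3_LOOP = [(TX, "1oo2", 1.0), (PLC, "1oo1", 1.0), (XV, "1oo2", 1.0)]     # redundant field devices
REAL_TEST = [(TX, "1oo2", 0.9), (PLC, "1oo1", 1.0), (XV, "1oo2", 0.6)]     # same hardware, imperfect proof tests

if __name__ == "__main__":
    for name, loop in (("normal", NORMAL_LOOP), ("SIL 3", SIL3_LOOP), ("imperfect test", REAL_TEST)):
        sil, pfd = sif_sil(loop)
        print(f"{name:15s} PFDavg = {pfd:.2e}  ->  SIL {sil}")
```

The single-channel loop lands in SIL 2 both by PFDavg and by the SFF tables, even though the logic solver alone is SIL 3 capable; doubling the transmitter and the valve brings the function into SIL 3; and the same redundant hardware falls back to SIL 2 as soon as the valve's proof test is credited with only 60 % coverage over a 20-year mission, which is the "very small numbers" effect the slide warns about.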

Safety and non-safety in one application, or separate safety and non-safety? Considerations for separating:
- Hazards are caused by the non-safety application.
- The risk assessment is not able to separate the causes.
- Required by Buncefield recommendation 3: physical and electrical independence.
- Need for cyber security.
- Considerations for systematic capability!!! Often the same person programming the non-safety application will be programming the safety application!

Safety and non-safety in one application, or separate safety and non-safety? [Figure: prevent and mitigate layers]

Safety and non-safety in one application, or separate safety and non-safety? The risk we talk about is related to a hazard. Risk is a combination of the severity of the consequences (C) and the frequency of occurrence (F): Risk = C x F. Risk_safety = probability of damage x potential of the damage.

Security is a foundation for safety. [Diagram: world, system and safety domains]
- Functional safety: Risk_safety = probability of damage x potential of the damage.
- Plus cyber security: Risk_security = threat x vulnerability x potential of the damage.

Compartmentalize. Avoid universal access. [Zone and conduit diagram: Internet, Enterprise, Plant DMZ, Control Center, and the plant with BPCS and SIS, joined by conduits.]

Security is a process: risk analysis, protect, detect, react. Security is a process to reduce the risk of damage due to external influence; this process can be supported by technical measures. Both IEC 61511 (safety) and the draft of IEC 62443 (security) demand that systems be built in multiple layers of protection (defence in depth). [Same zone and conduit diagram as the previous slide.] Source: IEC 62443-3-3.
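The zone-and-conduit picture of the two slides above can be checked mechanically before anyone writes a firewall rule. The following is an added example in Python, not HIMA's material: it models the zones from the slide, takes the list of conduits a design proposes, and reports catch-all conduits (universal access), paths from the Internet or enterprise side into the plant that do not cross the Plant DMZ, and conduits into the SIS from zones that should not reach it. The three rules, the zone names beyond those on the slide, and the conduit lists are constructed assumptions.

```python
"""
Added example, not from the HIMA slides: a small zone-and-conduit model for
the picture on the "Compartmentalize" slide. Given the conduits (permitted
flows between zones) a design proposes, it reports conduits that grant
universal access, paths from outside into the plant that bypass the DMZ,
and conduits into the SIS from zones that should not reach it. The zone
names follow the slide; the rules and the conduit lists are constructed.
"""

ZONES = {"Internet", "Enterprise", "Plant DMZ", "Control Center", "BPCS", "SIS"}
OUTSIDE = {"Internet", "Enterprise"}          # untrusted side of the plant DMZ
PLANT = {"Control Center", "BPCS", "SIS"}     # zones that must sit behind the DMZ
DMZ = "Plant DMZ"
SIS_SOURCES = {"Control Center", "BPCS"}      # assumption: only these may open conduits into the SIS
ANY = "*"                                     # "universal access" placeholder in a conduit


def expand(conduits):
    """Turn '*' entries into explicit zone pairs so paths can be traced."""
    flows = set()
    for src, dst in conduits:
        for s in (ZONES if src == ANY else {src}):
            for d in (ZONES if dst == ANY else {dst}):
                if s != d:
                    flows.add((s, d))
    return sorted(flows)


def simple_paths(flows, src, dst):
    """All loop-free paths src -> dst following directed conduits."""
    adjacency = {}
    for a, b in flows:
        adjacency.setdefault(a, []).append(b)
    paths, stack = [], [(src, [src])]
    while stack:
        node, path = stack.pop()
        if node == dst:
            paths.append(path)
            continue
        for nxt in adjacency.get(node, []):
            if nxt not in path:
                stack.append((nxt, path + [nxt]))
    return paths


def check_conduits(conduits):
    """Return a list of findings; an empty list means the design passes all three rules."""
    findings = []
    for src, dst in conduits:                                   # rule 1: no universal access
        if ANY in (src, dst):
            findings.append(f"universal access: {src} -> {dst}")
    flows = expand(conduits)
    for src in sorted(OUTSIDE):                                 # rule 2: outside traffic crosses the DMZ
        for dst in sorted(PLANT):
            for path in simple_paths(flows, src, dst):
                if DMZ not in path:
                    findings.append("bypasses DMZ: " + " -> ".join(path))
    for src, dst in flows:                                      # rule 3: SIS reached only from named zones
        if dst == "SIS" and src not in SIS_SOURCES:
            findings.append(f"conduit into SIS from {src}")
    return findings


# constructed design matching the slide: one conduit per hop, SIS reachable only from the plant side
BASELINE = [
    ("Internet", "Enterprise"),
    ("Enterprise", "Plant DMZ"),
    ("Plant DMZ", "Control Center"),
    ("Control Center", "BPCS"),
    ("Control Center", "SIS"),       # operator / engineering access
    ("BPCS", "SIS"),                 # interlock data exchange
]
# constructed "vendor remote access" change: a direct hole from the enterprise network into the SIS
REMOTE_ACCESS = BASELINE + [("Enterprise", "SIS")]
# constructed catch-all rule: the enterprise network may reach anything
CATCH_ALL = BASELINE + [("Enterprise", ANY)]

if __name__ == "__main__":
    for name, design in (("baseline", BASELINE), ("remote access", REMOTE_ACCESS), ("catch-all", CATCH_ALL)):
        print(name, check_conduits(design) or "OK")
```

The baseline passes; the one extra "remote access" conduit produces three findings (two DMZ bypasses, one because the Internet now reaches the SIS through the enterprise network, plus the unexpected conduit into the SIS itself), and the catch-all rule is flagged before any path is traced. Keeping the conduit list as the reviewed artefact, and generating firewall rules from it rather than the other way round, is what "avoid universal access" looks like in practice.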

Segregation of non-safe networks: Safety-Net, Field Net, DCS-Net. Besides the use of VLANs, HIMax offers complete physical segregation: an interference-free implementation that keeps the networks segregated even for non-safe protocols. [Diagram: X-CPU with safeethernet (maximum safety, SIL 3, maximum availability), X-SB, and X-COM modules with RJ45 ports for non-safe communication with maximum availability.]

Security is supported by HIMA products:
High-quality development process
- HIMA products are developed for safety following the four-eyes principle.
- Only documented communication ports are available; no backdoor.
- Minimal attack surface: only required services are integrated.
- Systematic use of a separate system supports the avoidance of common cause failures and the multi-layer protection concept.
Products with security features
- Segregation of the safety network (CPU) and the non-safety network (COM).
- Standard Ethernet protocols, so any firewall can be used.
- Blocking of control functions via key switch.
- Display of program changes in the DCS via CRC.
- Unused physical ports can be closed by using port-based VLANs.
High-quality programming environment
- SILworX checks all software components prior to use.
- Code comparison to detect changes in the user program.
- Two-level user management.
- Simple project backup (one file).
- Standard Windows user access is sufficient; the secure OPC server runs as a service, so no login to Windows is required.
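The "display of program changes via CRC" and "code comparison" items above detect that the user program differs from the approved one. The following is an added example in Python, not HIMA's or SILworX's code: it shows what a CRC-32 check does catch and what it does not. An altered program image is given the baseline's CRC-32 by appending four chosen bytes, so the CRC comparison no longer reports a change, while a keyed HMAC-SHA256 comparison still does. The program text, the key and the function names are constructed; the assumption that four trailing bytes can be hidden in a comment or padding area of a real program file is stated in the code.

```python
"""
Added example, not from the HIMA slides or the SILworX tool: what a CRC-based
"program changed" indication does and does not give you. A constructed
logic-solver program image is compared with its approved baseline using the
CRC-32 a DCS display could show; a 4-byte append then makes the altered image
carry the baseline CRC, and a keyed HMAC-SHA256 is shown as the check that
survives that. The program text, key and names are invented for illustration.
"""
import hashlib
import hmac
import zlib

# constructed baseline: one interlock as it was approved and proof-tested
APPROVED = b"IF PT_101 > 12.5 THEN XV_101 := CLOSE; END_IF;\n"
# constructed tamper: trip point raised so the interlock no longer protects
TAMPERED = b"IF PT_101 > 18.0 THEN XV_101 := CLOSE; END_IF;\n"
KEY = b"constructed-integrity-key"   # held by the plant, never by the display that shows the CRC


def crc_tag(image: bytes) -> int:
    """CRC-32 of a program image, the kind of value a DCS could display."""
    return zlib.crc32(image) & 0xFFFFFFFF


def crc_changed(image: bytes, baseline_crc: int) -> bool:
    """The slide's check: flag the program if its CRC no longer matches."""
    return crc_tag(image) != baseline_crc


def make_crc_table():
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (0xEDB88320 ^ (c >> 1)) if c & 1 else c >> 1
        table.append(c)
    return table


CRC_TABLE = make_crc_table()
BY_TOP_BYTE = {t >> 24: i for i, t in enumerate(CRC_TABLE)}   # top bytes of the table are unique


def forge_crc_suffix(image: bytes, target_crc: int) -> bytes:
    """Four bytes to append so that crc32(image + suffix) == target_crc.

    Walks the CRC register backwards from the wanted final state to find the
    four table indices, then forwards from the real state to pick the bytes
    that hit those indices. Assumption: the logic solver ignores these bytes,
    e.g. because they sit in a comment or a padding area of the program file.
    """
    want = target_crc ^ 0xFFFFFFFF              # register value we must end on
    indices = []
    for _ in range(4):
        i = BY_TOP_BYTE[want >> 24]
        indices.append(i)
        want = ((want ^ CRC_TABLE[i]) << 8) & 0xFFFFFFFF
    reg = zlib.crc32(image) ^ 0xFFFFFFFF        # register after the real image
    suffix = bytearray()
    for i in reversed(indices):
        b = (reg ^ i) & 0xFF
        suffix.append(b)
        reg = CRC_TABLE[(reg ^ b) & 0xFF] ^ (reg >> 8)
    return bytes(suffix)


def hmac_tag(image: bytes, key: bytes) -> str:
    """Keyed integrity tag; cannot be reproduced without the key."""
    return hmac.new(key, image, hashlib.sha256).hexdigest()


def hmac_changed(image: bytes, baseline_tag: str, key: bytes) -> bool:
    return not hmac.compare_digest(hmac_tag(image, key), baseline_tag)


def demo():
    base_crc = crc_tag(APPROVED)
    base_mac = hmac_tag(APPROVED, KEY)
    disguised = TAMPERED + forge_crc_suffix(TAMPERED, base_crc)
    return {
        "crc_sees_tamper": crc_changed(TAMPERED, base_crc),            # True
        "crc_sees_disguised": crc_changed(disguised, base_crc),        # False
        "hmac_sees_disguised": hmac_changed(disguised, base_mac, KEY),  # True
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A CRC shown on the DCS is a good change indicator for operators and catches accidental or careless modification, which is what the slide claims for it. If the threat model includes someone with write access to the program (the same engineer who programs both safety and non-safety, or an attacker on the engineering network), the comparison has to use a keyed tag or a signature whose key the engineering workstation cannot read.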

Be reluctant to trust: even vendors of secure products have to admit failures.

Always the right solution? HIMA can help you get the right solution and the safety system you need: maximum security and availability.