Building SIS architecture for projects, operations and cybersecurity

By Mohamed Salman

When building a safety instrumented system (SIS) architecture for projects, operations and cybersecurity, the choices made affect the safety and availability of the process and the productivity of the personnel who run it. The designated project team leaders should assess the goals and decide how the SIS will be integrated with the basic process control system (BPCS) so that the engineering, safety and operational requirements of the process are delivered securely.

There are three main approaches to SIS and BPCS interaction in distributed control system applications, and each can be used to create and maintain a defendable environment: an efficient overall project, effective operational systems and long-term security.

Building a Defendable Safety System Architecture

Implementing a well-designed architecture covering both the SIS and the BPCS sets the stage for a safe and secure automation process and environment. The International Society of Automation guidelines (the ISA/IEC 62443 zones-and-conduits model) require, among other things, that safety-critical assets be placed in their own zone, logically or physically separated from non-safety-critical assets.

Working within these frameworks, teams can choose the appropriate architecture that meets their specific cybersecurity requirements to form a defendable safety system architecture. Teams should begin contemplating the architecture at the start of the project design phase and include their choice in the bid specification. The most important protections against cyber threats are the inherent cybersecurity of the SIS itself and the practices surrounding system operation.

In general, the automation industry refers to three SIS/BPCS architectures: separate (or air-gapped), interfaced, and integrated but separate.

A separate SIS is isolated from the BPCS and potentially from other systems. The SIS is not connected in any way, physically or over a wireless network, to the BPCS. This architecture offers no automated way for malware or data to move between the systems. What remains is the manual path: removable media and engineering laptops that are carried from one system to the other, so an air gap is only as strong as the controls placed on those.

An interfaced SIS exchanges information with the BPCS over standard industrial protocols such as Modbus TCP, OPC Data Access (OPC DA) and OPC Unified Architecture (OPC UA). Communication between the systems should be restricted to what operation requires: the BPCS reads status, alarm and diagnostic data from the SIS, and writes to safety logic or trip settings over the link are not permitted. Modbus TCP has no authentication of its own and OPC DA relies on Windows DCOM security, so that restriction has to be enforced by the conduit between the two zones (a firewall that understands the protocol, or a data diode); OPC UA can additionally authenticate, sign and encrypt the session.
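The "read-only in operation" rule for an interfaced link can be enforced at the conduit by inspecting each Modbus TCP request bound for the SIS and dropping every function code that writes. The following is an added example, not code from the article or from any vendor's product: a small function-code allowlist for a BPCS-to-SIS Modbus TCP conduit, fed with constructed sample frames (no real plant traffic). The MBAP header layout and the function-code numbers are taken from the Modbus protocol specification; the frame contents and unit ids are made up for the illustration.

```python
"""Function-code allowlist for a Modbus TCP conduit between a BPCS and an SIS.

Added illustration, not code from the article or from any vendor. It models the
'read-only in operation' rule: requests travelling from the BPCS zone toward the
SIS may only use the four Modbus read functions; anything that writes coils or
registers is dropped before it reaches the logic solver.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Modbus function codes that only read data: coils, discrete inputs,
# holding registers, input registers. Everything else is treated as a write
# or a control action and is blocked toward the SIS.
READ_ONLY_FUNCTIONS = {1, 2, 3, 4}


@dataclass
class Verdict:
    allowed: bool
    reason: str
    function_code: Optional[int] = None
    unit_id: Optional[int] = None


def inspect_request(frame: bytes) -> Verdict:
    """Inspect one Modbus TCP request addressed to the SIS.

    MBAP header: transaction id (2 bytes), protocol id (2, must be 0),
    length (2, number of bytes following the length field), unit id (1);
    then the PDU, whose first byte is the function code.
    """
    if len(frame) < 8:
        return Verdict(False, "frame shorter than MBAP header plus function code")
    _trans_id, proto_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if proto_id != 0:
        return Verdict(False, f"protocol id {proto_id} is not Modbus (expected 0)")
    if length != len(frame) - 6:
        # A length field that disagrees with the frame is either corruption or
        # an attempt to smuggle a second PDU behind the first; drop, don't guess.
        return Verdict(False, f"length field {length} does not match frame body {len(frame) - 6}")
    function_code = frame[7]
    if function_code & 0x80:
        return Verdict(False, "exception response code seen in request direction",
                       function_code, unit_id)
    if function_code in READ_ONLY_FUNCTIONS:
        return Verdict(True, "read-only function", function_code, unit_id)
    return Verdict(False, "write or control function blocked toward SIS",
                   function_code, unit_id)


def filter_requests(frames: List[bytes]) -> Tuple[List[bytes], List[str]]:
    """Return the frames that may be forwarded and one audit line per dropped frame."""
    forwarded, audit = [], []
    for frame in frames:
        verdict = inspect_request(frame)
        if verdict.allowed:
            forwarded.append(frame)
        else:
            audit.append(f"DROP fc={verdict.function_code} unit={verdict.unit_id}: {verdict.reason}")
    return forwarded, audit


# Constructed sample traffic (not captured from a real plant).
READ_HOLDING   = bytes.fromhex("0001 0000 0006 01 03 0000 000A")                # FC3: read 10 holding registers
WRITE_SINGLE   = bytes.fromhex("0002 0000 0006 01 06 0010 0001")                # FC6: write one register
WRITE_MULTIPLE = bytes.fromhex("0003 0000 000B 01 10 0000 0002 04 0000 0000")   # FC16: write two registers
BAD_LENGTH     = bytes.fromhex("0004 0000 0009 01 03 0000 000A")                # FC3 with a lying length field
SAMPLE_TRAFFIC = [READ_HOLDING, WRITE_SINGLE, WRITE_MULTIPLE, BAD_LENGTH]

if __name__ == "__main__":
    allowed, dropped = filter_requests(SAMPLE_TRAFFIC)
    print(f"forwarded {len(allowed)} of {len(SAMPLE_TRAFFIC)} requests")
    for line in dropped:
        print(line)
```

Only the read of ten holding registers passes; both writes are dropped, and so is the frame whose length field does not match its body, since a conduit that trusts the length field can be made to skip over a second, hidden PDU. A real deployment would also pin the permitted unit ids and register ranges and would reject anything that is not a well-formed request, but the allowlist on function code is the control that makes the link read-only.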

In the integrated SIS, the SIS and the BPCS share the same engineering tools and operator environment. The safety logic, however, must still run on dedicated hardware. To maintain independence, the paths between the systems must be defendable, and the SIS must allow its configuration to be locked so that no change reaches the logic solver without a deliberate, authorized unlock.

Project Engineering Strengths Gained with the Integrated SIS Approach

Engineered links between systems typically require extra countermeasures to ensure secure operation. Engineering those links means using additional protocols, often open ones, which, if implemented improperly, add points of failure or introduce cybersecurity vulnerabilities.

Engineering represents certain unavoidable costs to an automation project. But by using the integrated SIS approach, an organization can reduce those costs by eliminating some engineering tasks, reducing overlap in responsibilities and avoiding rework.

An integrated environment improves accuracy and coordination among the commissioning teams because process and device data are shared electronically and are therefore consistent across the SIS and the BPCS. Assigning privileges to team members is also simpler in the integrated architecture, and this eases cybersecurity concerns: the SIS and BPCS function blocks are distinct types, so privileges are granted separately for each module and can be segregated by module type or by node.
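Privilege segregation by module type or node, combined with the configuration lock that the integrated architecture requires, can be expressed as one authorization check. The following is an added example and not code from the article or from any vendor's engineering tool: the role names, the module kinds, the policy table and the module and node names are hypothetical and exist only to show the pattern (view rights shared by both systems, modify rights granted per system, and a locked safety logic solver refusing downloads from everyone).

```python
"""Privilege segregation by module type and node, with a configuration lock,
for an integrated SIS/BPCS engineering environment.

Added illustration, not code from the article or any vendor's product. The
role names, module kinds and policy table are hypothetical; they show the
pattern (separate privileges per module type/node, writes to safety logic
refused while the logic solver is locked), not a particular system's model.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, Set, Tuple


@dataclass(frozen=True)
class Module:
    name: str   # e.g. "FIC-101" (BPCS control loop) or "SIF-201" (safety function)
    node: str   # controller or logic solver the module runs on
    kind: str   # "bpcs" or "sis"


@dataclass
class ConfigLock:
    """Per-node lock on safety logic solvers. While a node is locked, no
    download of safety logic is accepted from anyone, whatever their role."""
    locked_nodes: Set[str] = field(default_factory=set)

    def lock(self, node: str) -> None:
        self.locked_nodes.add(node)

    def unlock(self, node: str) -> None:
        self.locked_nodes.discard(node)

    def is_locked(self, node: str) -> bool:
        return node in self.locked_nodes


# Hypothetical policy: role -> allowed (module kind, action) pairs.
# Viewing is common to both systems; modifying is granted per system, so a
# BPCS engineer never gains write access to SIS modules merely because the
# engineering tool is shared.
POLICY: Dict[str, Set[Tuple[str, str]]] = {
    "operator":      {("bpcs", "view"), ("sis", "view")},
    "bpcs_engineer": {("bpcs", "view"), ("bpcs", "modify"), ("sis", "view")},
    "sis_engineer":  {("bpcs", "view"), ("sis", "view"), ("sis", "modify")},
}


def authorize(roles: Iterable[str], module: Module, action: str,
              lock: ConfigLock) -> Tuple[bool, str]:
    """Decide whether a user holding `roles` may perform `action` on `module`.

    Order matters: the role check is evaluated first so that an unauthorized
    user learns nothing about the lock state of a node they may not touch.
    """
    granted = any((module.kind, action) in POLICY.get(role, set()) for role in roles)
    if not granted:
        return False, f"no role grants {action} on {module.kind} module {module.name}"
    if module.kind == "sis" and action == "modify" and lock.is_locked(module.node):
        return False, f"{module.node} is locked; unlock under management of change first"
    return True, f"{action} on {module.name} permitted"


# Constructed sample modules and lock state (hypothetical tag and node names).
FIC_101 = Module("FIC-101", node="DCS-CTRL-1", kind="bpcs")
SIF_201 = Module("SIF-201", node="SIS-LS-1", kind="sis")
LOCK = ConfigLock()
LOCK.lock("SIS-LS-1")   # normal operating state: the safety logic solver is locked

if __name__ == "__main__":
    for roles, module, action in [
        (["bpcs_engineer"], SIF_201, "modify"),
        (["sis_engineer"], SIF_201, "modify"),
        (["operator"], SIF_201, "view"),
    ]:
        print(roles, module.name, action, "->", authorize(roles, module, action, LOCK))
```

With the logic solver locked, even the SIS engineer is refused a download; unlocking is a separate, logged step rather than something a role carries implicitly, which is what keeps the integrated environment functionally separate in practice.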

Promoting Simpler and Safer Operations with the Integrated SIS Approach

Creating a well-designed and secure architecture for SIS and BPCS sits at the heart of keeping people, assets, the environment and organizations safe. While the BPCS and SIS can be integrated, they must still be functionally separated so that each operates independently. The SIS must always be available to act, even when the BPCS fails to keep the process within safe limits. Integration does not mean common hardware; it means an effective method of transferring information between the two.

Using an integrated approach lets the BPCS and SIS share workstations, which in turn requires a secure, robust plant-wide network designed so that process and equipment information is available wherever it is needed.

Meanwhile, although project teams always recognize the importance of a properly functioning SIS, they sometimes incorrectly assume that once the SIS is configured and installed it will function for the lifecycle of the equipment with no need for changes or adjustments. Things change, even the SIS. Over the lifetime of the plant, the SIS will likely have to be modified whenever the process is changed or improved or the site is expanded, and each such change has to pass through the same management of change and configuration-lock controls as the original installation.

Diagnostics are common to the BPCS and the SIS and are therefore familiar to the operators and engineers working on both systems. The more familiar personnel are with the process and the systems operating it, the faster they can address safety or reliability issues, improve production and achieve high-integrity process availability.

— The writer is SIS business development manager - MEA, Emerson Automation Solutions