Abstract: With the rapid development of industry, safety issues in industrial control systems have attracted increasing attention. Studies have shown that the information security of industrial control systems may directly affect functional safety. This article discusses the impact of industrial information security on functional safety.
Keywords: Industrial Control, Functional Safety, Information Security
China is a major industrial country. Since the "13th Five-Year Plan", the total industrial scale has been steadily increasing. As the integration of industrialization and informatization accelerates, industrial control system interfaces have become more and more open, and the industrial information security problem of malicious intrusion into the system from the outside is becoming increasingly serious. The state has introduced a large number of measures to vigorously strengthen the construction of industrial information security assurance capabilities. In addition to industrial information security, functional safety is also important. In the early days, people did not have confidence in the reliability and safety of electronic technology and computer systems. Functional safety guarantees the safety of safety-related systems composed of electrical, electronic, computer, and fieldbus technologies. Attacks through external networks may also affect functional safety. In 2008, the oil pipeline from Iraq to Turkey exploded. To monitor the 1,099-mile oil pipeline, Turkey had installed a large number of detectors and cameras along it. However, no distress signal was triggered before the explosion destroyed the pipeline. According to the investigation of the accident, the hacker turned off the alarm, cut off the communication link, and greatly increased the crude oil in the pipeline. It can be seen that the information security of industrial control systems may directly affect functional safety, with consequences ranging from property loss to personal injury and threats to national security. Therefore, ensuring the functional safety of safety-related systems has once again come into view.
Definition and standards of functional safety
Functional safety is the part of the overall safety of a system or piece of equipment that relies on automatic protection. The automatic protection system needs to respond correctly to its inputs and to respond predictably to failure, including human error, hardware failure, and operating/environmental stress. For example, a boiler control system monitors the pressure after ignition. When the pressure reaches a limit value that may cause danger, the boiler control system automatically shuts down the fuel system. If this mechanism fails, the boiler continues to burn and the pressure exceeds the limit and keeps increasing, which will cause an explosion.
The Industrial Revolution brought earth-shaking changes to our lives. Machines replaced manpower, and large-scale factory production replaced individual manual production. However, while people enjoyed the industrial dividend, the disasters it caused also followed. In the twentieth century, work-related accidents became one of the most serious causes of death for mankind. Especially in the petrochemical and nuclear industries, there have been many explosions or leaks, such as the British military's Windscale reactor accident in 1957, the Three Mile Island nuclear accident in the United States in 1979, and the leakage of the Union Carbide Plant in Bhopal, India in 1984. A leak occurred at the Chernobyl nuclear power plant in the Soviet Union before 1986. The cause of these industrial accidents was the functional failure of safety-related systems.
It is against this background, after continuous practice and exploration, that Europe and the United States have issued a complete set of functional-safety-related product directives and design standards, which have penetrated into various fields, such as automobiles (ISO26262), rail control (EN5012X), nuclear power (EN61513), industrial equipment and machine control (EN62601, ENISO 13849-1/2), process control (EN61511), etc. Internationally, the IEC61508, IEC61511 and other series of standards formed by the IEC have caused strong repercussions in the industrial field, and have gradually become widely used and recognized basic functional safety standards in various countries and industries. China has also formed corresponding national standards modeled on them, and other industry-specific functional safety standards are also being referenced and will gradually become national industry standards.
The impact of industrial information security on functional safety
We summarize three situations in which industrial information security affects functional safety.
1. Cyber attacks lead to the failure of functional safety, which in turn affects system safety.
Take the SIS (Safety Instrumented System) as an example. SIS is mostly used in petrochemical, electric power and other industries. When the industrial control system is in danger, the SIS brings the production device into a predefined safe shutdown condition, thereby reducing the risk to the lowest acceptable level to ensure the safety of personnel, equipment, production facilities and the environment. Because information security was not taken into account when the industrial control system was originally designed, an attacker who attacks the industrial control system through the network can cause the original functional safety to fail. The resulting system failure then evolves into a source of danger and creates unacceptable risks in the industrial control system. If the risk cannot be reduced to an acceptable range, accidents will eventually follow.
2. Industrial information security products affect functional safety.
Current industrial information security products can be purchased by enterprises and applied in industrial control systems after they have been tested by professional institutions and have obtained sales permits and test reports. However, the testing of industrial information security products is based on the technical requirements and test evaluation methods for information security technology products, and does not consider new problems caused by combining industrial control functional safety with industrial information security products. In December 2020, a power plant in Inner Mongolia experienced a unit tripping incident due to industrial information security product issues. The incident had a major impact. The investigation found that the cause was a bypass device that was connected to a switch between two units. Since the two network ports are in the bypass connection state when the equipment is not powered on, the DCS networks of the two units were directly interconnected, which eventually caused the two units to trip. Bypass is commonly used in industrial scenarios, and it is only useful for equipment deployed in series. It ensures that the business is not interrupted when the series equipment fails or loses power. That the equipment carried bypass at all is mainly due to the tendency of some security vendors, in order to avoid hardware design differences, to use the same bypass-equipped hardware for a variety of security products at the same time, including firewalls deployed in series as well as traffic analysis, intrusion detection, log collection, security management and other equipment. Coupled with the lack of corresponding management procedures during development, bypass was not disabled at the low level, which eventually led to the accident.
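The failure mode described above can be checked against an asset inventory before a device is cabled in. The following Python sketch is an added example, not code from the article or from any vendor: the device names, segment names and the `bypass_disabled` field are constructed assumptions, and it models only the state in which every appliance has lost power.

```python
from collections import defaultdict

# Constructed sample inventory (not from the incident report). Each appliance
# has one bypass-capable port pair; "bypass_disabled" means the relay was
# disabled at the hardware/firmware level, so the pair stays open without power.
DEVICES = [
    {"name": "fw-unit1", "role": "inline-firewall",
     "ports": ("u1-dcs-a", "u1-dcs-b"), "bypass_disabled": False},
    {"name": "audit-01", "role": "traffic-audit",
     "ports": ("u1-dcs-b", "u2-dcs-a"), "bypass_disabled": False},
    {"name": "ids-02", "role": "intrusion-detection",
     "ports": ("u2-dcs-a", "u2-dcs-b"), "bypass_disabled": True},
]
# Which generating unit each DCS segment belongs to (constructed).
SEGMENT_UNIT = {"u1-dcs-a": "unit1", "u1-dcs-b": "unit1",
                "u2-dcs-a": "unit2", "u2-dcs-b": "unit2"}


def find(parent, x):
    """Union-find root lookup with path halving."""
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x


def bridged_units_on_power_loss(devices, segment_unit):
    """Return (groups, culprits): lists of units whose segments merge when all
    appliances are unpowered, and devices whose relay directly joins segments
    of different units."""
    parent = {seg: seg for seg in segment_unit}
    culprits = []
    for dev in devices:
        if dev["bypass_disabled"]:
            continue  # relay cannot close, so the two ports stay isolated
        a, b = dev["ports"]
        if segment_unit[a] != segment_unit[b]:
            culprits.append(dev["name"])
        parent[find(parent, a)] = find(parent, b)  # fail-open joins the segments
    units_by_root = defaultdict(set)
    for seg, unit in segment_unit.items():
        units_by_root[find(parent, seg)].add(unit)
    groups = [sorted(units) for units in units_by_root.values() if len(units) > 1]
    return groups, culprits


if __name__ == "__main__":
    groups, culprits = bridged_units_on_power_loss(DEVICES, SEGMENT_UNIT)
    print("units bridged on power loss:", groups)
    print("devices needing bypass disabled or re-cabling:", culprits)
```

An inline firewall whose two ports sit inside one unit is expected to fail open and is not flagged; only a relay that joins segments of different units is reported.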
Industrial control systems have very high real-time requirements. Network delay and jitter may affect functional safety, and industrial information security products deployed in series obviously increase the uncertainty in this regard. Although there are no relevant cases proving that delay and jitter affect the functional safety of industrial control systems, this risk keeps increasing as industrial information security moves further down into the control layers. At the same time, personnel implementing industrial information security products lack an understanding of the functional safety of industrial control systems, and incorrectly configured policies on these products may also block normal communications and affect functional safety.
3. Industrial information security strengthens functional safety, which in turn enhances industrial safety.
There are many similarities between industrial information security and functional safety. When the two have overlapping security requirements, industrial information security can strengthen functional safety. For example, the secure communication network requirements in network security level protection cover communication transmission: verification technology or cryptographic technology should be used to ensure the integrity of data in the communication process. Functional safety also has a requirement for communication integrity, so when attackers break one component, the other component can still play a role. In another case, industrial information security products can monitor the status of industrial control systems. For example, an industrial security audit system deployed on a critical path of an oil pipeline can not only analyze abnormal network traffic behaviors, but also monitor IEC104 and OPC data collection. When network data is found to be interrupted, the cause of the failure can be analyzed to shorten the troubleshooting time.
Functional safety was gradually perfected only after countless accidents over many years. Information security technology is mostly applied to layers 2-4 of the Purdue model. With the development of the industrial Internet, 5G, the Internet of Things and other technologies, information security technology continues to move down into lower layers and is closely integrated with functional safety. Discussing the two separately cannot guarantee the safety of the industrial control system. This paper analyzes three kinds of influence of industrial system information security on functional safety, but still stays at a relatively shallow level in distinguishing the relationship between the two. The integration of industrial information security and functional safety will expose more problems, which are not only technical but also exist in management. In the future, we should establish the connection from practice, gradually accumulate knowledge of the influence between the two, and find a set of methods covering the entire life cycle of the industrial control system to protect it from harm.