The “Automation Security” working group WG 4.18 of NAMUR (the “User Association of Automation Technology in Process Industries”) has released Worksheet NA 163 “Security Risk Assessment of SIS”
Abstract: IEC 61511 asks for IT - Risk assessments for Safety Instrumented Systems. NA 163 describes who, how often and for which scope the Risk Assessment should be done. Using a Checklist to SIS - Engineer with basic knowledge of IT and Networking is able to perform the assessment.
IEC 61511-1: 2016 clauses that address SIS cyber security / cyber risks: IEC 61511-1: 2016. Functional safety - Safety instrumented systems for the process industry sector - Part 1: Framework, definitions, system, hardware and application programming requirements
- Clause 8.2.4: A security risk assessment shall be carried out to identify the security vulnerabilities of the SIS.
- Clause 11.2.12: The SIS design will provide the necessary resilience against the identified security risks.