Industrial Control Systems (ICS) architecture have to prioritize safety & security, particularly for Safety Instrumented Systems (SIS). This post express into fundamental ideas for SIS zoning, protection & communication.
ISA/IEC62443 emphasizes the separation of the Safety Instrumented Systems (SIS) zone from the control zone, which can be accomplished in several ways.
ISA-TR84/21/ presents four approaches for cybersecurity associated with the safety lifecycle:
Air-gapped: The SIS is entirely separate from control system along with additional networks. There is no direct communication between the SIS & other systems.Maximum security with restricted integration & real-time monitoring capabilities.
Interface: The SIS interfaces with the control
For monitoring, the system is connected via a one-way communication link, often via read-only data transfer. Limits data flow to read-only, thereby striking a balance across integration & security.
Integrated (control & SIS) 1 zone: The SIS & control system share the same network zone, with logical segmentation between them. To avoid unwanted interactions, strong cybersecurity measures like access limits and communication channel separation are required.
The SIS and control system are located in distinct network zones, with controlled, regulated communication among them.
Traffic from the SIS zone communicates with the basic process control system (BPCS) & higher-level systems for monitoring.
This information must be read-only as it flows from the SIS zone to other systems.
The separation of SIS zones must be based on risk assessments.
SIS & process control communications must be physically or logically segregated.
Failures and cybersecurity incidents should not prohibit the SIS from carrying out its safety tasks.
It should not be possible to connect to SIS from other zones (which includes remote access applications) at level 3 (or) higher. (IEC 62443-2-4)
The SIS controller must be protected from unwanted and unexpected changes, such as using distinct passwords for each SIS.
Only authorized people who have been designated as SIS system users should have access to the password.
Hardwired signals across SIS controllers can be utilized for safety-critical communication via a shared process network.
To provide additional security for the SIS controllers, a local security device (such as a key switch) can be employed.
In a network wherein the SIS & process control are physically linked, logical separation is required to ensure that these requirements are accomplished.