The drift of industrial control systems to pseudo security

Abstract

With the promise of a synergistic impact on the Efficiency-Thoroughness Trade-Off, Marketing is increasingly promoting types of Industrial Control Systems (ICS) that by some means combine the two usually segregated core ICS functions into one. A Basic Process Control System (BPCS) is combined with a Safety-Instrumented System (SIS) in a physically integrated form factor using shared resources of some kind. This paper suggests such a strategic choice of technology can result in functional safety (FS) hazards or security vulnerabilities, giving rise to resilience concerns. It takes a sceptical view of such an approach and instead proposes strict segregation of such functions and resources. In the context of critical national infrastructure (CNI), where potentially high consequence events (HCE) may arise from unplanned incidents, the outcome of this paper is to warn against the use of such architecture - even beyond that arena. Both ancient and modern, yet similarly strategic, historical decisions are used as metaphors to illustrate how sometimes insufficiently scrutinised technologies can be later regretted. Practical technical, organisational, and cultural measures are offered to steer against the headwind of commercial pressures in promoting integrated FS and security of the BPCS-SIS environment. A contribution is made of evidence-based, business intelligence gathering measures for BPCS-SIS vendor selection together with a proposal for an alternative, adopted application of proven Uncertainty Assessment Reporting techniques for industrial certification bodies and business stakeholders alike.