The ISA-TR84.00.09-2023 Part 1 (Draft) technical report is ready for review and comments. You can download the draft isa-tr84.00.09 pdf and if you have any comments, you can submit them to the ISA committee, if the committee approves, it will be incorporated into the next draft or published as the final report after all approved changes, comments have been incorporated.
What is ISA TR 84?
ISA is the International Society for Automation and it has published a technical report ISA TR84 is not one document, but rather refers to a series of technical reports, that deal with various aspects of Functional Safety and Safety Instrumented Systems in the Process Industry Sector.
Here is a list of all the ISA TR84 (Technical reports) published so far:
Sr No | ISA TR No | Subject | Status |
---|---|---|---|
1 |
ISA-TR84.00.02-2022
|
Safety Integrity Level (SIL) Verification of Safety Instrumented Functions | Published |
2 | ISA-TR84.00.03-2019 | Automation Asset Integrity of Safety Instrumented Systems (SIS) | Published |
3 | ISA-TR84.00.04-2020 | Part 1, Guidelines for the Implementation of ANSI/ISA-61511-1-2018 | Published |
4 | ISA-TR84.00.04-2005 | Part 2: Example Implementation of ANSI/ISA-84.00.01-2004 (IEC 61511 Mod) | Published |
5 | ISA-TR84.00.05-2009 | Guidance on the Identification of Safety Instrumented Functions (SIF) in Burner Management Systems (BMS) | Published |
6 | ISA-TR84.00.07-2018 | Guidance on the Evaluation of Fire, Combustible Gas, and Toxic Gas System Effectiveness | Published |
7 | ISA-TR84.00.08-2017 | Guidance for Application of Wireless Sensor Technology to Non-SIS Independent Protection Layers | Published |
8 | ISA-TR84.00.09-2017 | Cybersecurity Related to the Functional Safety Lifecycle | Published |
9 | ISA-TR84.00.09-2023 | Cyber Security Related to the Functional Safety Lifecycle | Draft |
As you can see on Row 9, the latest TR in the series, is about Cybersecurity related to Functional Safety.
What is ISA TR 84.00.09 about?
ISA TR 84.00.09 is about Cybersecurity related to the Functional Safety lifecycle. The original ISA TR 84.00.09 was published in 2017 and is now being modified to reflect all the changes that are happening as regards Industrial Cybersecurity in the process industry. When this new one is published, it will supersede the older one.
This report is related to Cyber Security Related to the Functional Safety Lifecycle. For those of you who know, the Safety Lifecycle is an important concept that is used in Functional Safety, to ensure that the plant or equipment under control (EUC) continues to work safely throughout its life.
Here is a representation of the Safety Life cycle for process industry sector. However variations of this lifecycle are applicable to any industry, not just the process industries.
The first part of the lifecycle here begins with Hazard and Risk Analysis. This is generally considered to be the PHA stage (Process Hazard Analysis stage). Here, the owner along with the help of the design/engineering consultants and safety experts carry out a PHA to identify possible hazards in the process and come up with appropriate safeguards and mitigations. The PHA can be carried out by various hazard and risk assessment methods including HAZOP and What-If Analysis or Structured What-If Analysis (SWIFT). During later stages, techniques like LOPA (Layer of Protection Analysis) are also used.
Functional Safety & Cybersecurity
Functional Safety cannot work if the cybersecurity of the Safety Instrumented System cannot be assured. Read the guide here to know more about the relation between Functional Safety and Cybersecurity.
Cyber PHA- PHA and Cybersecurity
What is important to note is that currently very few PHA studies currently consider cyber threats. At best a CHAZOP (Control HAZOP) may be included, but a cyber threats study or a security vulnerability analysis is rarely carried out.
This leaves the possibility that many of the safety interlocks that are necessary to mitigate the identified hazardous scenarios may not work at all, because a cyber attack can disable them from working. Since most BPCS and SIS that exist today, have some form of programmable electronic systems, this is highly likely, especially if the systems are not configured or operated with cybersecurity considerations. Hence it is very important to consider that a cyber attack on the BPCS or SIS or both can cause either a complete failure of these systems (like any other common cause failure) or will degrade these systems granularly as happened during the Stuxnet and other attacks, where the operators did not know that their BPCS was not functioning properly as the HMI also had been compromised.
Safety Requirements Specifications
Thus it is also important to have cyber security requirements in the Safety Requirements Specifications, so that the designed Safety Instrumented Functions will work in spite of a cyber attack, or at least have some form of alternative backups and workarounds that will prevent a disaster.
Other stages of the Functional Safety Lifecycle
Similarly cyber security plays an important part at all stages of the Functional Safety Life cycle and this is covered in the ISA TR.
Where to learn more?
Unfortunately, most Functional Safety and SIS courses on the market today do not cover the cybersecurity part in detail and this is where the Abhisam courses shine. There is no use of spending millions of $ on a SIS that can be easily disabled by a cyber attack.
To know how to protect your plant assets and other equipment, including the Safety Instrumented System from cyber attacks, please take the Abhisam Functional Safety, SIL and SIS Cybersecurity (Level 1) and the Abhisam CICP (Certified Industrial Cybersecurity Professional ) Training programs today.
Abhisam also has a bundle option where you can get Functional Safety and Cybersecurity courses in one bundle at a discounted price. Click here to know more.