Secure Safety: Secure Remote Access to Critical Safety Systems in Offshore Installations

  • Conference paper
Autonomic and Trusted Computing (ATC 2008)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 5060)

Abstract

Safety Instrumented Systems (SIS) as defined in IEC 61508 and IEC 61511 are very important for the safety of offshore oil & natural gas installations. SIS typically include the Emergency Shutdown System (ESD) that ensures that process systems return to a safe state in case of undesirable events. Partly as a consequence of the evolving “Integrated Operations” concept, a need is emerging for remote access to such systems from vendors external to the operating company. This access will pass through a number of IP-based networks used for other purposes, including the open Internet. This raises a number of security issues, ultimately threatening the safety integrity of SIS.

In this paper we present a layered network architecture that represents current good practice for a solution to ensure secure remote access to SIS. Also, a method for assessing whether a given solution for remote access to SIS is acceptable is described. The primary objective with the specification of the remote access path is to defend the Safety Integrity Level (SIL) of SIS from security infringements. It also accommodates the special case when security functions have to be implemented within SIS.

References

  1. Functional safety of E/E/PE safety-related systems, IEC Std. 61 508 (1998)

  2. Functional safety - Safety Instrumented systems for the process industry sector, IEC Std. 61 511 (2003)

  3. The PDS webpage. Visited, 2007-03-09, http://www.sintef.no/static/tl/projects/pds/www/

  4. Information technology - Security techniques - Information security management systems - Requirements, ISO/IEC Std. 27 001 (2005)

  5. Line, M.B., Nordland, O., Røstad, L., Tøndel, I.A.: Safety vs Security? In: Proceedings of PSAM 8, New Orleans (2006)

  6. Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security, NIST special publication 800-82 (initial public draft) (September 2006), http://csrc.nist.gov/publications/drafts/800-82/Draft-SP800-82.pdf

  7. Grøtan, T.O.: Secure Safety in Remote Operations. In: Proceedings of ESREL 2006, Estoril, Portugal (2006)

  8. Schoitsch, E.: Design for safety and security of complex embedded systems: A unified approach. In: Cyberspace Security and Defense: Research Issues. NATO Science Series II - Mathematics, Physics and Chemistry, vol. 196 (2006)

  9. Kosmowski, K., Sliwinski, M., Barnert, T.: Functional safety and security assessment of the control and protection systems. In: Proceedings of ESREL 2006, Estoril, Portugal (2006)

  10. NISCC Good Practice Guide - Process Control and SCADA Security, PA Consulting Group on behalf of NISCC, Tech. Rep. (October 2005), http://www.cpni.gov.uk/docs/re-20051025-00940.pdf

  11. Byres, E., Karsch, J., Carter, J.: Good Practice Guide - Firewall Deployment for SCADA and Process Control Networks. British Columbia Institute of Technology, on behalf of NISCC, Tech. Rep. (2005), http://www.cpni.gov.uk/docs/re-20050223-00157.pdf

  12. Naedele, M.: Standardizing industrial IT security - a first look at the IEC approach. In: Proceedings of 10th IEEE Conference on Emerging Technologies and Factory Automation, vol. 2, p. 7 (2005)

  13. OLF Guideline 104: Information Security Baseline Requirements for Process Control, Safety, and Support ICT Systems (2006), http://www.olf.no/?35820.pdf

  14. Forskrift om styring i petroleumsvirksomheten (Styringsforskriften), Norwegian Petroleum Directorate, §1 (December 2004)

  15. IT Grundschutz Manual. Bundesamt für Sicherheit in der Informationstechnik (2004), http://www.bsi.de/english/gshb/manual/

  16. Kerckhoffs, A.: La cryptographie militaire. Journal des sciences militaires IX, 5–38 (1883)

  17. Whitepaper: Tenix Interactive Link Data Diode. Tenix America (a subsidiary of Tenix pty). Visited 2007-03-16 (2006), http://www.tenixamerica.com/images/white_papers/TenixIL_DataDiode.pdf

  18. Hazard and operability studies (HAZOP studies) - Application guide, IEC Std. 61 882 (2001)

  19. Information technology - Security techniques - Evaluation criteria for IT security, ISO/IEC Std. 15 408 (2005), http://www.commoncriteriaportal.org/

Editor information

Chunming Rong, Martin Gilje Jaatun, Frode Eika Sandnes, Laurence T. Yang, Jianhua Ma

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jaatun, M.G., Grøtan, T.O., Line, M.B. (2008). Secure Safety: Secure Remote Access to Critical Safety Systems in Offshore Installations. In: Rong, C., Jaatun, M.G., Sandnes, F.E., Yang, L.T., Ma, J. (eds) Autonomic and Trusted Computing. ATC 2008. Lecture Notes in Computer Science, vol 5060. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69295-9_12

  • DOI: https://doi.org/10.1007/978-3-540-69295-9_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-69294-2

  • Online ISBN: 978-3-540-69295-9

  • eBook Packages: Computer Science (R0)
