ISA TR84.00.09

Abstract

This document is intended to address and provide guidance on integrating the cybersecurity lifecycle with the safety lifecycle as they relate to Safety Controls, Alarms, and Interlocks (SCAI), inclusive of Safety Instrumented Systems (SIS). This scope includes the work processes and countermeasures used to reduce the risk involved due to cybersecurity threats to the Industrial Automation and Control System (IACS) network. This scope provides recommendations to ensure SCAI are adequately secured due to the potential for cyber attacks that can act like common mode failures that initiate a hazardous demand and also prevent instrumented protection functions, including the SIS, from performing their intended purpose. The scope is intended to address cybersecurity from both external and internal threats. Although not directly within the scope, enterprise networks, business networks and process information networks (demilitarized zones) that represent a threat vector to the SCAI systems, or contain countermeasures that reduce the risk to the SCAI systems from external cyber threats, are included. The scope does not address physical plant protection (for example, fences, bollards, and grounding) that has the intent of preventing unauthorized entry into the plant so as to prevent theft , vandalism, or physical damage, but does address physical access issues related to cybersecurity of the IACS (12.4 of this technical report). SCAI systems that are constructed exclusively of electrical/electronic components without digital signal technology are not vulnerable to cybersecurity attacks, and these technologies are not discussed in this technical report.