A worrying incident has recently occurred in a critical process plant, that had a Triconex Safety Instrumented Systems as the Safety System. As many of you must be aware, Triconex was one of the first systems in the industry to offer Triple Modular Redundant (TMR) architecture. This was a 2oo3 voting logic system, making it one of the systems that had high safety availability, as well as process availability. Over the years the company was bought by various different automation companies including the likes of ABB. Today it is owned by Schneider.
In this Fireye reported case, apparently somebody could reverse engineer the Triconex programming tool and create a malware that had the potential of blocking any action by the system in case of a dangerous detected failure. This malware has been given the name TRITON. It is not clear who or which organization would go to such a great length to create a malware that would bypass a safety system, but it is wakeup call for all process plant owner operators to tighten their operational security policies and procedures.
It is inconceivable that such a program could have been loaded into the system without the connivance of insiders, since it was an airgapped system without any connection to the internet (apparently).
Monday, December 25, 2017
Safety Instrumented Systems Training
There has been a lot of progress and change in the Safety Instrumented Systems field now in the past five years. The standard IEC 61508 was updated in the year 2010 (actually it took almost a year that is in year 2011 for the changed standard to percolate in the industry). This had a number of important changes as compared to the earlier version, such as evaluating whether the security of the SIS is OK, calculating the resultant safety integrity level of connected subsystems of different SIL rated devices in series and parallel combinations, introduction of the concept of No Part Failures and No Effect failures and so on.
Later on in 2016, the IEC 61511 standard (Part 1) was also updated. There were several changes including those related to the competency of personnel in the updated portion.
The best way of updating your own knowledge to be current with these new developments is to learn via e-learning courses such as those provided by Abhisam, which also offer a free certification option for personnel on passing their exam.
Later on in 2016, the IEC 61511 standard (Part 1) was also updated. There were several changes including those related to the competency of personnel in the updated portion.
The best way of updating your own knowledge to be current with these new developments is to learn via e-learning courses such as those provided by Abhisam, which also offer a free certification option for personnel on passing their exam.
Subscribe to:
Posts (Atom)