Functional safety and cyber security analysis for life cycle management of industrial control systems in hazardous plants and oil port critical infrastructure including insurance - Publication - Bridge of Knowledge

Abstract

This report addresses selected methodological aspects of proactive reliability, functional safety and cyber security management in the life cycle of industrial automation and control systems (IACS) in hazardous plants and oil port critical installations, based on the analysis of relevant hazards/threats and evaluation of related risks. In addition, the insurance company's point of view has also been considered, because nowadays the insurer, interested in decreasing the risks to be insured, offers expertise on how to limit risks effectively over the life cycle, from the conceptual design stage of a hazardous plant, through its reliable and safe operation, until decommissioning. Therefore, the risk evaluation model for insurance-related decision making for the period considered, e.g. one year, should be plant specific, with some predictive properties due to the changing environment and business conditions and the usually considerable uncertainty involved. The objective is to evaluate and mitigate risks, and to control them proactively, by undertaking appropriate activities within a process-based management system according to an elaborated policy and strategy that covers organisational and technical aspects, including preventive maintenance of sensitive equipment and timely updating of the training programmes. Careful evaluation and control of risks is also crucial for the insurance company. The basic activities of risk engineers and underwriters in the insurance process are outlined in the context of identified hazards/threats and the defined factors that significantly influence the risks to be considered in evaluating the insurance premium in the context of the terms and conditions specified.

Publication version: Accepted or Published Version
License: Copyright (2019 Polish Safety and Reliability Association)

Details

Category: Articles
Type: journal articles
Published in: Journal of Polish Safety and Reliability Association, Summer Safety and Reliability Seminars no. 10, pages 99-126
ISSN: 2084-5316
Language: English
Publication year: 2019
Bibliographic description: Kosmowski K., Gołębiewski D.: Functional safety and cyber security analysis for life cycle management of industrial control systems in hazardous plants and oil port critical infrastructure including insurance // Journal of Polish Safety and Reliability Association, Summer Safety and Reliability Seminars, Vol. 10, iss. 1 (2019), pp. 99-126
Verified by: Gdańsk University of Technology
