The development of automation throughout the 20th century brought enormous changes to the industrial world: some jobs disappeared, others underwent major transformations, new ones were created and, most importantly, the interaction between man and machine was altered forever. The rapid evolution of IT (information technology) in the second part of the 20th century enabled engineers to create increasingly complex control systems that integrated fully between the factory floor and the office environment.
A complex issue
The complexity and sophistication of today’s systems and equipment in industrial plants require a specific approach to safety and security. The cyber security issue has been under close scrutiny in recent years. The risk of being subjected to a cyber attack is not to be taken lightly: industrial facilities (food processing, robot assembly), utilities (oil, gas, water, electricity), transport systems to name just some, these industry sectors may be targeted and will pay a dear price if unprotected.
More often than not, the aim of a cyber-attack isn’t the complete shutdown of a target’s network, but rather a surreptitious intrusion into the network. This may have dire consequences, causing serious damage to the systems and potentially endangering the lives of those operating the installations.
Understanding the cyber environment, protecting industrial control and automation systems, identifying cyber threats and possibly anticipating future development are at stake here. Minimizing exposure to cyber risks is the challenge that industry has to tackle. Among the tools at its disposals are standardization and conformity assessment.
Recognizing that the topic is of vital importance to industry, IECEE, the IEC System of Conformity Assessment Schemes for Electrotechnical Equipment and Components, asked its special WG (Working Group) on Industrial Automation to set up a Task Force to consider the cyber security issues and the potential services the System could offer to tackle them. Apart from cyber security the WG also has the responsibility to deal with functional safety.
IEC International Standards
While it may be challenging to test and certify cyber security, IECEE can already rely on IEC International Standards on automation security that address the issue, notably the IEC 62443series of standards on Industrial Communication Networks – Network and System Security.
…and Conformity Assessment address the issue
Cyber security was on the agenda of the CMC (Certification Management Committee) during the IECEE annual series of meetings, held in Cairns, Australia in June 2014. Ron Collis, Chairman of the IECEE and Convenor of the PSC (Policy and Strategy Committee) WG on Industrial Automation updated his colleagues on the work of the WG pertaining to cyber security. Among the decisions made, the CMC approved the development of a business plan and supported the recommendation to continue discussions with other organizations, such as ISA (International Society of Automation) and WIB (Process Automation Users’ Association) to evaluate potential cooperation
To stress the importance of the issue, IEC CAB (Conformity Assessment Board) has also set up WG17 on cyber security, of which Ron Collis will be Convenor. Members of the IECEE WG on industrial automation may also be involved in the CAB WG17, but, while collaboration between the two groups is encouraged, the responsibilities of each group will be clearly defined, to avoid any overlap.
For more information on IECEE: www.iecee.org
Written by Claire Marchand for our e-tech Magazine. To find out more check out our e-tech article.