ARC Advisory Group’s 23rd annual Industry Forum in Orlando, Florida included a panel discussion that explored the relative merits of integrated versus not integrated safety systems in an increasingly connected world. For years, there have been two warring factions on this issue. On one side, are those who argue that the technology used for safety must be independent of the process control technology. On the other side, are those who praise the benefits of a tightly integrated system with common technology.
Both arguments certainly have their merits. There are obvious cost, training, and support benefits to using common technologies for both process and safety functions. On the other hand, the threat of common mode failures could mean that a failure could potentially cause both the basic process control system (BPCS) and the safety instrumented system (SIS) to stop working at the same time.
So, is the extra precaution provided by disparate systems necessary or overkill? Does digitalization change the conversation? And what about recent cyber breaches?
Setting the Stage
ARC analyst, Mark Sen Gupta (author of this report) led off the session by providing some needed context.
The most obvious complication here is that the safety standards give little prescriptive advice by design. This leads engineers to fend for themselves as there is no clear “best practice.” Many corporations today are the product of acquisitions and divestitures. A company may have decided one way, but a merger might mean both types of installations might exist within the corporation. Since it’s often too expensive to re-place the opposing system, many industrial organizations today face the challenge of having to maintain training on a separate technology and the costs associated with spare parts.
Defining Terminology for Integrated Safety Systems
When having a conversation on integrated and non-integrated safety systems, it is important to define the terms. ARC Advisory Group defines an integrated safety system as sharing a common software and/or hardware platform with the basic process control system (BPCS) with which it communicates. It may also be referred to as a “common” plat-form. In contrast, a non-integrated safety system, is a safety system that (may or may not be) connected via a network and share data with the DCS but uses a different (or independent) software and hardware platform. This type of arrangement is sometimes called “interfaced.”
Market Trends Change the Risk Equation
ARC Advisory Group is tracking several related market trends:
- Suppliers that offer integrated systems now have non-integrated offerings, as well. ARC believes that this isn’t an abandoning of the integrated platform approach, but a recognition that both approach-es have their merits, and this is necessary to increase market share. On the flip side, some proponents of separation now appear to be at least open to considering interfaced approaches.
- Safety lifecycle tools leverage enterprise connectivity. This reflects a need to make things easier to support and allow greater visibility in-to the systems and their statuses. However, the connectivity can expose critical systems to external weaknesses and create more complexity, increasing other risks.
- Increasing government scrutiny puts pressure on users to ensure they can identify problems quickly.
- Increasing burden on shrinking labor resources pressures users to simplify work flows and leverage a reduced skillset.
- Cybersecurity concerns continue to increase. This has been high-lighted by several breaches in the past few years.
So, have these trends affected the approach to choosing a safety platform?
Panelists Weigh in
In the panel discussion that followed, Dave Deibert, Technology Man-ager with Air Products; Scott Mourier, Global Process Automation SIS SME with the Dow Chemical Company; Uy Pham, PCS Team Lead with Chevron; and – representing the supplier community - Chris O’Brien, Partner and Executive Vice President with exida, fielded questions from the audience over the next hour and a half.
In their respective introductions, each end user provided a very similar picture of their companies having both types of installations in their facilities. Some were the result of acquisitions. Others were the result of corporate culture. In some cases, the application and circumstances pushed the decision one way over another.
How Does Cybersecurity Affect the Decision Process?
The first question from the audience centered on whether the risks of cybersecurity changed the decision. The panel addressed this question by pointing to the implementation of best practices and adherence to cybersecurity and safety standards. From a cybersecurity standpoint, the panel agreed that architecture also had substantial influence in cybersecurity. Here, the panelist referred to the recent Triton attack that compromised a poorly designed, implemented and maintained non-integrated safety system architecture. Mr. Pham pointed out that many breaches are physical in nature. Mr. O’Brien highlighted the fact that the communication stacks used by disparate systems may be sourced from the same third-party provider and therefore a non-integrated system might have a common failure mode that the suppliers may not be aware of.
Are the Greenfield Installations Different?
During this discussion, the panelists spoke about the benefits of an integrated solution with respect to the ease of installation with regard to engineering flexibility, system management, communications, user interface, and field interfaces. However, they said it depends on how the plant will run and the available skillsets, which can vary greatly by geography. They recommended that each user set up a checklist of all the attributes needed from the safety system and the system overall, being sure to evaluate the system from a risk perspective as well.
How Does Safety Lifecycle Impact the Decision?
The panelists pointed back to the architecture and how the software is deployed. They also mentioned the importance of personnel training, particularly cybersecurity training. The standards are pushing end users to pull more data from systems and make it more accessible, so end users need to evaluate the functionality needed from their systems, their current architectures, and the associated risks of expanding data access.
What About Industry 4.0 Efforts?
There was a general acknowledgement that the demand for data and increased connectivity also increases the cyber risk. The big concern centered around writing to the safety device. Mr. Pham mentioned that Chevron is investigating using data diodes to limit connectivity to read-only at his company. Mr. Mourier brought up wireless technology as being too untried or new to be deployed in a safety scenario and was unaware of any serious implementations. It was also mentioned that the safety systems should not be used to gather data for purposes such as equipment asset management.
A sub-topic question around the use of edge devices was posed. The discussion flowed along similar lines, highlighting the risk aversion in this area. Edge introduces a new set of required skills not traditionally held by safety personnel. Mr. Deibert emphasized the importance of trusting the hazard and operability (HAZOP) process in helping to navigate these issues.
ARC Advisory Group clients can view the complete report at ARC Client Portal
If you would like to buy this report or obtain information about how to become a client, please Contact Us
Keywords: Process Safety, Integrated, Lifecycle, Cybersecurity, Dow Chemical, exida, Chevron, Air Products, IIoT, MCC, SIS, ARC Advisory Group.