A whole hub on Habr is dedicated to security, and perhaps no one really thinks about what the concept of security covers, since everything seems clear: information security. However, there is another side to safety: the safety associated with risks to human health and life, as well as to the environment. Since information technologies by themselves pose no danger, one usually speaks of a functional component, that is, of safety associated with the correct functioning of a computer system. If information security became critical with the advent of the Internet, functional safety was a concern long before the advent of digital control, because accidents have always occurred.
This article begins a series of publications on functional safety.
Many articles on Habr have been devoted to the information security of automated process control systems (ACS TP). Authors have also touched on functional safety, both in the SCADA hub and in the industrial programming hub of the industrial control system section, but, it seemed to me, somewhat in passing. So I offer a brief summary of this important property, which directly determines whether SkyNET will gain control over humanity.
The article makes some generalizations for automated process control systems (ACS TP), as well as for embedded and cyber-physical systems.
Does functional safety deserve attention?
Is functional safety important today? After all, attention is mainly focused on information security.
On the one hand, functional safety is directly related to the reliability of the hardware component, and there few problems remain unsolved: electronics work flawlessly for years, and if that is not enough, there is always redundancy. But there is also the software component, and it is precisely the software that is responsible for executing the safety functions. An article was recently published on Habr, "The most expensive and fateful mistakes in the IT industry". It describes several cases in which an error in the software of space control systems cost millions of dollars, and these are far from all the known cases. There are also system projects that include mechanical, electronic and electrical components, and here, unfortunately, there is also room for errors.
In the article "The Internet of Things (IoT): the challenges of a new reality", cyber threats and methods of ensuring information security for the Internet of Things (IoT) were analyzed. One of the potential risks is the seizure of control at the level of physical devices, after which the attacker can force the control system to perform dangerous functions. In this case, information and functional security are two sides of the same phenomenon. The information security property should ensure the availability, integrity and confidentiality of the control system's data. The functional safety property should ensure the correct performance of the control system's functions and, in the event of failures, transfer the controlled object to the so-called safe state.
Another reason to become familiar with functional safety is to understand the certification and licensing process. Objects managed by computer systems often pose risks to the environment and to people (the chemical industry, the oil and gas industry, medical devices, nuclear and other power plants, rail, road and air transport, etc.). Computer control systems for such objects must perform safety functions and possess certain properties (redundancy, fault tolerance, self-diagnostics, resistance to extreme external influences, etc.). Oversight of the development, implementation and operation of computer control systems important to safety is carried out by state certification and licensing bodies. Thus, system developers have to get acquainted with the requirements for functional safety.
Control System Architecture
To what class of computer systems can the concept of functional safety be applied? Obviously, to control and management systems. Monitoring can be treated as a special case of control (data collection, with a control action issued only when a critical failure is detected), so we will call such systems simply control systems.
To generalize, take a look at the structure of the idealized control loop.
In the real world, this loop contains: a controlled process, a sensor, a controller, and an actuator. Not mandatory from the point of view of control, but nevertheless an integral part of today's control systems, are the human-machine interface and the handlers of the data obtained through monitoring.
This architecture is implemented in embedded systems, which are widely used in industrial automation, consumer devices, automotive systems, medical devices, communication networks, robots, drones, etc.
Industrial control systems use a more extensive architecture, including networked sensors, programmable logic controllers (PLCs), actuators, data storage, servers and workstations.
Schneider Electric Modicon Quantum PLC (image caption)
The most complex is the typical IoT architecture, which I briefly discussed in an article on Habr.
The control system is implemented at the Device Layer. Its software and hardware implementation may be similar to that of an embedded system. In terms of information security, the DL-NL and DL-AL access interfaces to the Device Layer are critical.
Thus, the control systems for which the functional safety property matters include automated process control systems, embedded systems and IoT.
Standards related to functional safety
In the field of standardization there is the notion of an "umbrella standard", i.e. a fundamental "vertical" standard of the upper level. For functional safety this is IEC 61508, "Functional safety of electrical/electronic/programmable electronic safety-related systems", which consists of seven parts. This standard has been translated into Russian and adopted in the Russian Federation as a GOST.
Below I have tried to briefly interpret the main provisions of IEC 61508. They are, let's say, imperfect, but they contain common sense. What follows is the author's interpretation, taking into account personal experience in the field of functional safety.
According to IEC 61508, functional safety implies the correct functioning of both the control system and the equipment it controls. Thus, to ensure functional safety, it is first necessary to determine the safety functions needed to reduce the risk posed by the controlled equipment and to reach and maintain its safe state (for example, emergency protection functions). Further, the control system must possess so-called safety integrity, by which IEC 61508 means the probability that the system will correctly perform its safety functions under all specified conditions for a given time interval.
When ensuring safety integrity, two types of failures are taken into account: random failures and systematic failures.
Random failures are caused by the failure of hardware components and are countered by methods such as redundancy, self-diagnostics, physical and electrical separation of components, increased resistance to external influences, etc.
Systematic failures are caused by design errors, including software errors. Systematic failures can be reduced by improving the design and development processes, testing, configuration management, project management, etc. In addition, since classical redundancy does not protect against systematic failures (identical channels share the same design error), so-called diversity is used: the redundant channels are designed using different software and hardware. Expensive, inconvenient, but sometimes it helps.
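The control loop from the architecture section (process, sensor, controller, actuator) and the safe-state, redundancy and diversity ideas from the IEC 61508 discussion, combined into one runnable illustration. This is an added example, not code from the article or from IEC 61508: the 5 bar setpoint, the 8 bar trip limit, the 0.3 bar agreement tolerance, the channel names and the `vote_2oo3` / `SafetyController` names are all constructed assumptions. Three measurement channels (imagine them as diverse transducers) feed a two-out-of-three voter; a single dead or drifting channel is masked and logged (tolerance of a random failure), while loss of a trusted majority or a high-pressure demand drives the valve to its de-energised safe state and latches there until a deliberate operator reset.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SETPOINT_BAR = 5.0      # constructed operating setpoint for normal regulation
TRIP_BAR = 8.0          # constructed high-pressure limit: reaching it is a demand on the safety function
TOLERANCE_BAR = 0.3     # constructed maximum disagreement for two channels to count as agreeing


@dataclass
class Reading:
    """One measurement channel. value_bar is None when the channel's own
    self-diagnostics (range check, CRC, open-circuit detection) flagged it."""
    channel: str
    value_bar: Optional[float]


def vote_2oo3(readings: List[Reading], tol: float = TOLERANCE_BAR) -> Tuple[Optional[float], List[str]]:
    """Two-out-of-three voting: accept a value only when at least two healthy
    channels agree within `tol`. Returns (voted value or None, diagnostic messages).
    None means the measurement cannot be trusted; the caller treats that as a
    reason to go to the safe state rather than keep controlling blind."""
    diags = [f"{r.channel}: no reading (channel fault)" for r in readings if r.value_bar is None]
    healthy = [r for r in readings if r.value_bar is not None]
    for i, a in enumerate(healthy):
        for b in healthy[i + 1:]:
            if abs(a.value_bar - b.value_bar) <= tol:
                for r in healthy:  # report any channel that disagrees with the agreeing pair
                    if r not in (a, b) and abs(r.value_bar - a.value_bar) > tol:
                        diags.append(f"{r.channel}: disagrees with majority ({r.value_bar} vs {a.value_bar})")
                return (a.value_bar + b.value_bar) / 2, diags
    diags.append("no two channels agree: measurement untrusted")
    return None, diags


@dataclass
class Valve:
    """Feed valve actuator. 0 % open is the de-energised, fail-safe position."""
    opening_pct: float = 50.0


@dataclass
class SafetyController:
    valve: Valve = field(default_factory=Valve)
    tripped: bool = False
    log: List[str] = field(default_factory=list)

    def step(self, readings: List[Reading]) -> str:
        """One control cycle. Returns the resulting state: 'RUN' or 'TRIPPED'."""
        if self.tripped:                 # a trip is latched until a deliberate reset
            return "TRIPPED"
        pressure, diags = vote_2oo3(readings)
        self.log.extend(diags)
        if pressure is None:
            return self._trip("loss of trusted measurement")
        if pressure >= TRIP_BAR:
            return self._trip(f"high pressure {pressure:.2f} bar >= {TRIP_BAR} bar")
        # normal control function: proportional regulation toward the setpoint
        gain_pct_per_bar = 10.0          # constructed controller gain
        cmd = 50.0 - gain_pct_per_bar * (pressure - SETPOINT_BAR)
        self.valve.opening_pct = max(0.0, min(100.0, cmd))
        return "RUN"

    def _trip(self, reason: str) -> str:
        """Safety function: drive the equipment to its safe state and latch."""
        self.valve.opening_pct = 0.0
        self.tripped = True
        self.log.append(f"TRIP: {reason}")
        return "TRIPPED"

    def reset(self) -> None:
        """Operator reset after the cause has been removed; never automatic."""
        self.tripped = False


def run_scenario() -> List[Tuple[str, float]]:
    """Constructed cycle sequence: all channels healthy, one channel drifting
    (outvoted), one channel dead (2oo2 still valid), then the two remaining
    channels disagreeing, which leaves no majority and forces the safe state."""
    ctl = SafetyController()
    cycles = [
        [Reading("A", 5.0), Reading("B", 5.1), Reading("C", 4.9)],   # all agree
        [Reading("A", 5.2), Reading("B", 5.1), Reading("C", 7.5)],   # C drifting: outvoted, logged
        [Reading("A", 5.0), Reading("B", 5.0), Reading("C", None)],  # C dead: A and B still agree
        [Reading("A", 5.0), Reading("B", 6.5), Reading("C", None)],  # A and B disagree: trip
        [Reading("A", 5.0), Reading("B", 5.0), Reading("C", 5.0)],   # healthy again, but trip is latched
    ]
    return [(ctl.step(r), ctl.valve.opening_pct) for r in cycles]


if __name__ == "__main__":
    for state, opening in run_scenario():
        print(state, opening)
```

The point of the latch is deliberate: once the system cannot prove the measurement is trustworthy, it stays in the safe state until a person confirms the cause is gone, because "readings look fine again" is exactly what a stuck or spoofed channel would also produce.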
The provisions of IEC 61508 are elaborated for specific potentially hazardous domains. For example, there are the following standards:
- IEC 61511, Functional safety - Safety instrumented systems for the process industry sector;
- IEC 62061, Safety of machinery - Functional safety of electrical, electronic and programmable electronic control systems;
- IEC 61513, Nuclear power plants - Instrumentation and control for systems important to safety;
- ISO 26262, Road vehicles - Functional safety;
- EN 50129, Railway Industry Specific - System Safety in Electronic Systems;
- IEC 62304, Medical Device Software.
In the aerospace industry IEC 61508 is not referenced; however, the approach is similar:
- for avionics, the RTCA DO-178C standard, Software Considerations in Airborne Systems and Equipment Certification, was developed;
- in the space industry, standards are developed by the space agencies; for example, NASA uses the standard STD 8719.13, Software Safety Standard.
Conclusions
In the friendly but unpredictable family of "security", fighting for the freedom of information technology from unacceptable risks, two sisters live: the elder, functional safety (safety), and the younger, information security (security).
For control systems, which include architectures such as automated process control systems, embedded systems and the Internet of things (Device Layer), functional safety is a fundamental feature.
Functional safety means the correct functioning of both the control system and the equipment it controls.
Information security in such systems is supplementary and should prevent intruders from gaining control of the control system and of the controlled equipment.
P.S. To explain the main aspects of functional safety, the following series of articles is planned:
- Introduction to the subject of functional safety;
- Standard IEC 61508: terminology;
- Standard IEC 61508: requirements structure;
- The relationship between information and functional safety of the process control system;
- Management processes and functional safety assessment;
- The life cycle of information and functional security;
- The theory of reliability and functional safety: basic terms and indicators;
- Methods to ensure functional safety.
Video lectures on the topic of this publication can be watched here.