Integrating industrial control system (ICS) safety and security - a potential approach

The safe and secure operation of critical national infrastructure is dependent on suitable responses to safety, security and operational priorities being integrated into Industrial Control Systems (ICS), at design stage and throughout the system life. This paper proposes a logical and structured approach to achieving this through successive consideration of the effect of decisions on pre-determined and prioritised safety, security and operational functions throughout the design and implementation lifecycle. It proposes some techniques that can be employed in whole or part, are scalable and are suitable for further investigation, and potentially development by one of the groups currently looking at ICS security. The approach described goes some way towards improving: 1. A common understanding and communications across organisational levels and siloed teams. 2. Ability to demonstrate the relative benefits of different options, or of a single project proposal compared with the `do nothing' option, supporting investment decision making. 3. Ability to demonstrate to stakeholders, investors, regulators or oneself that a particular level of cyber maturity or residual risk is appropriate.