A Proposed Alignment of the National Institute of Standards and Technology Framework with the Funnel Risk Graph Method

The safe and secure operation of critical infrastructure is dependent on appropriate responses to safety, security, and operational priorities into integrated control and safety systems (ICSS), at design stage and throughout the life of the system. Digitization as well as networked automation and control infrastructures have increased in the past years and are leading to remarkable potential security risks. Recent news about serious security incidents, such as the WannaCry ransomware, affecting the whole world are heard more often. The objective of this paper is to come up with an integrated and optimised evaluation framework for ICSS and related subsystems considering cybersecurity and safety. This can be achieved by the alignment of the cybersecurity framework formulated by the National Institute of Standards and Technology with safety and security standards ISA84 (IEC 61511) and ISA99 (IEC 62443), and the novel funnel risk graph method. The need of such alignment between safety and security has been recognized by the research community, the industry, as well as the International Society of Automation (ISA).