3. Security in an integrated control system.
The following is an updated summary of the manual Recommendations and Instructions for Programmable Electronic Control Systems, published by the Association for Industrial Electrotechnique (FIE) and prepared by the former chairman of the FIE and the project leader for this study.
The manual is intended for Swedish industries.
Generally
Supervision and control/regulation of industrial processes is nowadays often carried out from a central control room.
As an aid, the operator has a control system with integrated functions.
In heavy industry, where several process sections work in continuous cooperation, the centrally located control systems are electronically connected to each other and to the head control systems.
The following functions normally occur:
- Automatically sequenced start-up/stop of engines, initiated by the operator.
- Automatic supervision and regulation of the process, overseen by the operator.
- Production of reports, on request or automatically, according to formats and periods established in advance.
3.1 Security
The functions in the control system are often complex and are built up from electronic and power-electrical systems and components. Working together, they are also exposed to risks of interference of different types.
The control system consists of software and hardware which are connected to the start-up functions in the electrical power system, for start-up/stop of the system in normal operation and in forced operation.
Safety means that the system shall not be constructed so that it could cause risks for persons, process machinery or the process.
Machines and adjustable tools may not be started/stopped or regulated in a way that diverges from the planned and projected function.
The following kinds of security deficiency can be distinguished:
- Insufficient security can cause injury directly or indirectly. Unjustified movements in rotating machines or adjustable tools, or an unjustified voltage reduction, can cause direct injury. Indirect damage can occur when the process is incorrectly influenced and so becomes a source of personal risk.
- Insufficient security in machines can result in damage to the machinery, with economic consequences and a direct risk of personal injury.
- Insufficient process and environmental security in machinery can cause degradation of product quality, decreased efficiency, or damage to nature and the environment.
- Insufficient security in the machines can cause direct or indirect injury to individuals.
3.3 Legal demands
The employer has the main responsibility for ensuring that the labour law on the working environment and the electrical law are observed.
Additional rules and instructions which have to be observed also exist.
The electrical legislation includes rules for electrical installations, e.g. the ordinance on electrical installation work.
Penalties fall on individuals; the company management or the board of directors is, in the last resort, generally responsible.
The managing directors have to delegate the tasks that are included in that responsibility. The responsibility can be divided into three areas:
- Personnel responsibility
- Plant responsibility
- Authorization responsibility
3.4 Security requirements for the control system
Legal responsibility, the ultimate responsibility, can never be delegated.
The responsibility for certain specified tasks can be delegated.
The person to whom responsibility for the control system is delegated must therefore, before the system is started up, ensure that the system and its administration fulfil the established security requirements.
During start-up it is not difficult to understand why the security requirements have to be delegated for the structuring of the system and its functions, from the pre-project stage to completed construction.
3.5 Security considerations in project planning
The control system has a central role in the process; it is therefore very important to set out the overall philosophy of how the process shall be run and which security level the system needs.
Different types of security requirements are included in this overall philosophy.
3.6 Basic principles
3.6.1 Process knowledge
Fundamental to planning and implementing functions in a control system is detailed knowledge of the process.
It is essential to have corporate technology experts involved when designing a new control system.
It is recommended to form a systems group.
The work in a systems group starts with a study of which security risks are involved in the process and its machinery.
It is particularly important to investigate unusual modes of operation, where the process is not running normally. Start-up/stop sequences can be critical.
A detailed description of the process, as given by process specialists, is the basis for the specification of the control system.
The description must include the possible modes of operation and the related security risks.
3.6.2 Reliability of service
The requirements for service reliability can vary. In some processes the requirement for reliability of service is high, meaning that few errors and little downtime are allowed.
The requirement for reliability of service can be defined as the number of partial and complete errors that can be accepted within a certain interval of time, together with a requirement for how quickly the errors must be dealt with.
By definition, the concept of reliability of service can be divided as follows:
- Reliability
- Serviceability
- Maintainability
The term Reliability refers to the probability of failure and is defined as the number of errors per unit of time.
Serviceability is the system's suitability for repair and maintenance.
Maintainability refers to the organization's resources for maintenance (spare parts, maintenance aids, etc.) and includes the time and repair cost per error.
It also means that errors in redundant systems must be repaired within a certain time to maintain operational readiness.
A redundant system means that there is more than one possibility to maintain the stated function during error and maintenance conditions.
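The definition above (accepted number of partial and complete errors per interval, plus a limit on how quickly each must be dealt with) is easy to turn into bookkeeping. The following Python is an added example, not code from the FIE manual or this summary; the failure log, the 720 h interval and the acceptance limits are constructed values chosen for illustration.

```python
"""Service-reliability bookkeeping for a control system.

Added example; not from the FIE manual. The failure log and the acceptance
limits are constructed values chosen for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Failure:
    start_h: float      # hours into the observation interval when the error occurred
    repaired_h: float   # hours into the interval when the function was restored
    partial: bool       # True = partial error, False = complete error


@dataclass(frozen=True)
class Requirement:
    interval_h: float    # observation interval the limits apply to
    max_partial: int     # accepted number of partial errors in the interval
    max_complete: int    # accepted number of complete errors in the interval
    max_repair_h: float  # how quickly each error must be dealt with


# Constructed sample log covering 720 h (30 days) of operation
INTERVAL_H = 720.0
SAMPLE_LOG = [
    Failure(start_h=12.0, repaired_h=12.5, partial=True),
    Failure(start_h=100.0, repaired_h=104.0, partial=False),
    Failure(start_h=300.0, repaired_h=300.25, partial=True),
    Failure(start_h=650.0, repaired_h=651.0, partial=True),
]


def failure_rate(log, interval_h):
    """Reliability in the manual's sense: number of errors per unit of time (per hour here)."""
    return len(log) / interval_h


def mean_time_to_repair(log):
    """Average repair time per error; a maintainability measure."""
    if not log:
        return 0.0
    return sum(f.repaired_h - f.start_h for f in log) / len(log)


def availability(log, interval_h):
    """Fraction of the interval during which the function was available."""
    downtime = sum(f.repaired_h - f.start_h for f in log)
    return 1.0 - downtime / interval_h


def check_requirement(log, req):
    """Compare a failure log against a service-reliability requirement.

    Returns a list of violation messages; an empty list means the
    requirement was met.
    """
    violations = []
    partial = sum(1 for f in log if f.partial)
    complete = len(log) - partial
    if partial > req.max_partial:
        violations.append(f"{partial} partial errors, {req.max_partial} accepted")
    if complete > req.max_complete:
        violations.append(f"{complete} complete errors, {req.max_complete} accepted")
    for f in log:
        repair_h = f.repaired_h - f.start_h
        if repair_h > req.max_repair_h:
            violations.append(
                f"error at {f.start_h} h took {repair_h} h to repair, limit {req.max_repair_h} h")
    return violations


if __name__ == "__main__":
    strict = Requirement(INTERVAL_H, max_partial=3, max_complete=0, max_repair_h=2.0)
    print(f"failure rate: {failure_rate(SAMPLE_LOG, INTERVAL_H):.5f} errors/h")
    print(f"MTTR: {mean_time_to_repair(SAMPLE_LOG):.2f} h")
    print(f"availability: {availability(SAMPLE_LOG, INTERVAL_H):.4f}")
    for v in check_requirement(SAMPLE_LOG, strict):
        print("violation:", v)
```

Against the strict requirement the sample log fails twice: one complete error where none is accepted, and one repair that exceeded the 2 h limit. Relaxing the limits (for instance one complete error and 8 h repair time) makes the same log acceptable, which is the point of stating the requirement as numbers rather than as "high reliability".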
3.6.3 Man/machine communication
The man-machine system refers to the operator's communication with the control system and the process. The need for good man/machine communication is critical.
The control system must be ergonomically correct and designed to suit the operator's human capabilities and limitations.
The operators must be specially trained for their tasks.
The system often contains several automatic functions.
The operators must understand what is going on even during an automated function. In the case of a malfunction during an automated function, the operator must be able to take over manually.
Even in this situation, safety functions must be able to override the operator, return the process to a safe condition, and then inform the operator what has occurred.
3.6.4 Safe structures
Building the system's important functions with redundancy and diversification increases the overall security of the system.
Redundancy means that there is more than one possibility to maintain a certain function during error and maintenance conditions.
Through diversified redundancy, the same function can be carried out in more than one way.
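The two points made in 3.6.3 (a safety function that overrides the operator, restores a safe state and then reports) and 3.6.4 (diversified redundancy: the same function done in more than one way) fit together in one small example. The Python below is added here and is not code from the FIE manual or this summary; the over-temperature trip limits, the three channels and the 2-out-of-3 voting scheme are assumptions chosen for illustration.

```python
"""Safety function built with diverse redundancy and operator override.

Added example, not from the FIE manual. The trip limits, the three channels
and the 2-out-of-3 voting are assumptions chosen for illustration.
"""
from enum import Enum


class Cmd(Enum):
    RUN = "run"
    STOP = "stop"


TRIP_TEMP_C = 120.0       # hypothetical over-temperature trip limit
TRIP_PRESSURE_BAR = 8.0   # hypothetical pressure limit correlated with over-temperature


# Three diverse channels: the same protective function implemented in more
# than one way, so that one sensor type or one method failing does not
# remove the function.
def channel_thermocouple(temp_c):
    """Channel A: direct temperature reading. None = sensor fault."""
    if temp_c is None:
        return None
    return temp_c >= TRIP_TEMP_C


def channel_rate_of_rise(history_c, max_rise_per_sample=5.0):
    """Channel B: trend-based; trips on a sustained rapid rise. None = not enough data."""
    if history_c is None or len(history_c) < 3:
        return None
    rises = [b - a for a, b in zip(history_c, history_c[1:])]
    return all(r > max_rise_per_sample for r in rises)


def channel_pressure(pressure_bar):
    """Channel C: a different physical quantity used as an independent indicator."""
    if pressure_bar is None:
        return None
    return pressure_bar >= TRIP_PRESSURE_BAR


def vote_2oo3(results):
    """Trip when at least two of three channels demand it.

    A failed channel (None) counts as a trip vote (a fail-safe design choice),
    so the function degrades to 1-out-of-2 on the remaining healthy channels
    rather than disappearing when a sensor fails.
    """
    trip_votes = sum(1 for r in results if r is None or r)
    return trip_votes >= 2


def safety_function(operator_cmd, temp_c, history_c, pressure_bar):
    """Return (effective command, message for the operator).

    The operator's command passes through unless the safety function overrides
    it; an override is always reported so the operator knows what happened.
    """
    results = {
        "thermocouple": channel_thermocouple(temp_c),
        "rate_of_rise": channel_rate_of_rise(history_c),
        "pressure": channel_pressure(pressure_bar),
    }
    if vote_2oo3(results.values()):
        tripped = [name for name, r in results.items() if r]
        failed = [name for name, r in results.items() if r is None]
        msg = (f"SAFETY TRIP: operator command {operator_cmd.value} overridden; "
               f"trip channels={tripped}, failed channels={failed}; process set to STOP")
        return Cmd.STOP, msg
    return operator_cmd, None


if __name__ == "__main__":
    # Constructed readings: genuine over-temperature while the operator commands RUN
    print(safety_function(Cmd.RUN, 130.0, [100.0, 110.0, 121.0, 132.0], 9.1))
    # Constructed readings: one spurious channel only; the operator's RUN stands
    print(safety_function(Cmd.RUN, 130.0, [100.0, 100.5, 100.2, 100.4], 3.0))
```

A single channel reading high does not stop the process (one spurious sensor should not cause an unjustified trip), while two agreeing channels, or one tripping channel plus one failed channel, override the operator's RUN and return STOP together with a message that names the channels involved.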
3.6.5 The human role in the system
The control system should be regarded as an assistant to the human operator.
The development of a new control system is most often focused on purely technical aspects, as more and more functions are automated and taken over from a person.
People have both positive and negative aspects and are basically too complex to be analyzed closely.
Positive human qualities which no machine can yet replace are pattern recognition, the ability to assess analyses and exercise judgement, the building of strategies, the ability to take initiative, and creativity.
These characteristics can vary greatly between individuals, depending on the individual's state of mind and/or physical condition.
Some people also have certain deficiencies such as colour blindness or numerical dyslexia.
In advanced control systems you can, to a certain degree, build in functions that compensate for human intervention and prevent apparently erroneous actions from having serious consequences for security.
It is of utmost importance that the operator be given a good understanding of the process. It is just as important for the operator to have a good understanding of how the process functions.
Some important keywords are:
- The control system should be designed around what the operator can reasonably manage.
- The operator must have a high degree of knowledge of his job.
- The operator should regard the control system as a tool in which he is well trained and which he can trust.
- The operator must take responsibility and initiative in his work with the system.
- The operator must have instructions available to cope with the situations that may occur.
- The control system should be designed with regard to the fact that human beings are prone to slight deficiencies such as colour blindness or letter and/or numerical dyslexia.
3.6.6 Electrical interference
Electrical interference can occur in the form of voltage disturbances in the conductors going to or from the system, or in the electronic components.
The voltage disturbances can be more or less transient in nature. Small voltage disturbances may not affect the functions of the control system, while larger voltage disturbances can unintentionally affect them.
Electronics usually work within a high frequency range. The sources of disturbance change character with the development of new components working in ever higher frequency ranges.
Functional disturbances can result in:
- Unjustified function, when the receiver behaves as if it had received a valid signal.
- Failed function, when the receiver does not behave as it should in spite of having received a valid signal.
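The two outcomes listed above are the two sides of the same design trade-off for a digital input: a receiver that reacts to every sample acts on short interference spikes (unjustified function), while a receiver that demands a long confirmation misses short but genuine signals (failed function). The Python below is an added example, not code from the FIE manual or this summary; the sample sequences are constructed and the confirmation count n is an assumed design parameter.

```python
"""Transient rejection for a digital input exposed to electrical interference.

Added example, not from the FIE manual. The sample sequences are constructed;
the confirmation count n is an assumed design parameter.
"""


def filter_transients(samples, n=3, initial=0):
    """Accept a new input state only after n consecutive identical samples.

    Returns (final accepted state, list of (sample index, new state) pairs at
    which the accepted state changed). An interference spike shorter than n
    samples is ignored; a genuine change is accepted n-1 samples late.
    """
    accepted = initial
    run_value, run_len = initial, 0
    changes = []
    for i, s in enumerate(samples):
        if s == run_value:
            run_len += 1
        else:
            run_value, run_len = s, 1
        if run_value != accepted and run_len >= n:
            accepted = run_value
            changes.append((i, accepted))
    return accepted, changes


# Constructed input: a one-sample spike at index 2, then a genuine change at index 6
SPIKE_THEN_REAL = [0, 0, 1, 0, 0, 0, 1, 1, 1, 1]
# Constructed input: a genuine but short two-sample pulse
SHORT_PULSE = [0, 0, 1, 1, 0, 0]


def unjustified_function_example():
    """Without filtering (n=1) the spike is acted on: an unjustified function."""
    return filter_transients(SPIKE_THEN_REAL, n=1)


def filtered_example():
    """With n=3 the spike is rejected and the genuine change is accepted at index 8."""
    return filter_transients(SPIKE_THEN_REAL, n=3)


def failed_function_example():
    """With n=3 a genuine two-sample pulse never passes the filter: a failed function."""
    return filter_transients(SHORT_PULSE, n=3)


if __name__ == "__main__":
    print("unfiltered:", unjustified_function_example())
    print("filtered:  ", filtered_example())
    print("missed:    ", failed_function_example())
```

The confirmation count has to be chosen from knowledge of the process (3.6.1): long enough to cover the disturbance durations actually seen on the plant, but shorter than the shortest signal the receiver must act on.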