Last update: Mon, 19 Mar 2018 5am

Siemens gets TÜV certification for the development process of automation products

Siemens is the first company to receive TÜV SÜD certification based on IEC 62443-4-1 for the interdisciplinary process of developing its automation and drive products, including industrial software. The certification covers seven development sites in Germany. Among other things, these sites develop Simatic S7 industrial controllers, Simatic industrial PCs, Simatic HMI (Human Machine Interface) devices for operator control and monitoring, and Sinamics drives, as well as the TIA (Totally Integrated Automation) Portal engineering software. The international series of standards IEC 62443 defines the security measures for industrial automation systems, with Part 4-1 of the standard describing the requirements for the manufacturer's development process.
The TÜV SÜD certificate is based on the standard IEC 62443-4-1 (Secure Product Development Lifecycle Requirements, Draft 3 Edition 10, 01.2016). This standard includes security-relevant requirements such as capabilities and expertise, security of third-party components, process and quality assurance, secure architecture and design, and issue handling as well as security updates, patches and change management.

As a leading automation and software supplier for industry, Siemens is continuously improving its products and solutions with regard to industrial security. This also includes the certification based on IEC 62443-4-1. With this achievement, the company is documenting its "Security by Design" approach for automation products and is giving integrators and operators a transparent insight into the IT security measures. Integrators and operators use this for the conception and operation of automation processes and systems using Siemens technology and the "Defense in Depth" protection concept.

To ensure comprehensive protection of industrial plants from internal and external cyber attacks, all levels must be protected simultaneously, from the plant management level to the field level and from access control to copy protection. This is why our approach to comprehensive protection offers defense throughout all levels: "defense in depth". This concept follows the recommendations of ISA99 / IEC 62443, the leading standard for security in industrial applications.

Rockwell Automation Expands Machinery Safety System Integrator Program

Many manufacturers rely on system integrators to design and install compliant machinery safety solutions, but they often struggle to find the most capable provider. To help ease that process, Rockwell Automation continues to expand its global Machinery Safety System Integrator program. Three new members have joined in the first half of 2016, bringing the total number to 26.

“We created this program in 2014 to connect manufacturers with safety system integrators they can trust,” said Mark Eitzman, manager of safety market development, Rockwell Automation. “It’s become a valuable resource for manufacturers because we do the vetting for them. We make sure the integrators thoroughly understand current safety standards and know how to apply safety technologies in a way that also improves plant productivity.”

To be eligible, candidates must be current Rockwell Automation Solution Partners or Recognized System Integrators with three to five years of machine safety experience. They must complete an intensive education and assessment process, but Rockwell Automation also recognizes third-party certification from industry-accepted organizations, such as TÜV or exida.

After meeting these initial requirements, each candidate’s safety engineers complete training modules on topics such as global safety standards, safety risk assessment practices, and safeguarding mitigation and validation. Finally, each candidate must submit a machinery safety project that is consistent with global standards.

The three new members of the program include:

  • Automation Electronics Group and Systems (AEG Systems), a Rockwell Automation Recognized System Integrator based in Mexico, specializes in customized process, motion and MES applications for clients around the world.
  • RT Engineering, a Rockwell Automation Recognized System Integrator located in Franklin, Massachusetts, provides custom controls and automation solutions for customers in the medical, pharmaceutical and metals industries.
  • SINCI, a Rockwell Automation Solution Partner located in Guadalajara, Mexico, specializes in control, process and information applications for customers in food and beverage, metals, mining and utilities.

Schneider Electric achieves exida Security Development Lifecycle Certification

exida, the global leader in functional safety and cybersecurity certification for the process industries, has certified three Schneider Electric product development sites in Foxboro, Mass., Worthing, U.K., and Hyderabad, India, for compliance with the exida Security Development Lifecycle certification based on IEC 62443-4-1. exida is a globally recognized ISO 17065 accredited Certification Body (CB) in cybersecurity.

The three certified Schneider Electric sites utilize a product development lifecycle that includes cybersecurity considerations in all phases of new product development, demonstrating an institutionalized commitment to securing industrial automation and control systems (IACS).

“As IT and OT converge, more technology is connecting with more technology; more people are connecting with more technology; more people are connecting with more people. All this connectivity is driving an influx of data that can be very beneficial to control system operators and engineers, but it all has to be secured first,” said Andy Kling, director of Process Automation cybersecurity and software practices, Schneider Electric. “This certification acknowledges our commitment to addressing safety and cybersecurity concerns head on to ensure our customers can take advantage of all the benefits of a connected, modern plant. We are pleased to work with exida and other industry-leading organizations, and look forward to continuing and strengthening our relationship with them so we can all meet continuous, rigorous cybersecurity demands.”

“Schneider Electric has a strong, industry-leading product development process and they built upon that to add the requirements of exida’s cybersecurity program,” said Dr. William Goble, exida managing director. “They treated the cybersecurity issue very seriously and created a process that will help them avoid hacker attacks.”

Exida presents Safety Award for Automation Cybersecurity Development to Schneider Electric

Mike Medoff, exida senior safety engineer, presented the 2015 exida Safety Award in the Cybersecurity Category to Schneider Electric, recognizing their Process Automation Cybersecurity Development Process. The presentation was delivered at Connect 2016, Schneider Electric’s Automation Conference, on May 24, 2016 in New Orleans, LA.

The exida Safety Awards is an annual program that honors exida certified products/processes that best demonstrate new and innovative work, and that have the ability to play a key role in the continuous journey of making the world a safer place.

Exida SILAlarm V2.10 - Alarm Flood Suppression

The ISA-18.2 and IEC 62682 alarm management standards provide recommended targets for average alarm rate and for alarm floods, a condition during which the alarm rate is greater than the operator can effectively manage (e.g., more than 10 alarms per 10 minutes, per ISA-18.2). During alarm floods the chance of an operator missing an alarm or making a mistake is increased. The following table taken from IEC 61511 shows how the reliability of humans is impacted by stress.
Consequently, alarm floods reduce the effectiveness of alarms used as safeguards or independent protection layers and increase the chances of process safety incidents.
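
As an added illustration of the flood condition defined above (not code from exida, SILAlarm or DeltaV), this Python sketch scans alarm annunciation timestamps with a trailing 10-minute window and reports episodes where the count exceeds 10. The journal, the function names and the rule for when an episode ends are assumptions made for the example.

```python
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # window from the ISA-18.2 example quoted above
THRESHOLD = 10                  # flood = more than 10 alarms inside the window


def find_floods(timestamps, window=WINDOW, threshold=THRESHOLD):
    """Return flood episodes as (start, end, peak_count) tuples.

    An episode opens at the annunciation that pushes the trailing-window
    count above `threshold` and closes at the last annunciation for which
    the count is still above it (an assumption of this sketch).
    """
    recent = deque()   # annunciations inside the trailing window
    episodes = []
    current = None     # [start, end, peak] of the episode in progress
    for ts in sorted(timestamps):
        recent.append(ts)
        while ts - recent[0] >= window:
            recent.popleft()
        if len(recent) > threshold:
            if current is None:
                current = [ts, ts, len(recent)]
            else:
                current[1] = ts
                current[2] = max(current[2], len(recent))
        elif current is not None:
            episodes.append(tuple(current))
            current = None
    if current is not None:
        episodes.append(tuple(current))
    return episodes


def sample_journal():
    """Constructed alarm journal: steady state, an upset burst, steady state."""
    t0 = datetime(2018, 3, 19, 5, 0, 0)
    quiet = [t0 + timedelta(minutes=15 * i) for i in range(4)]
    burst = [t0 + timedelta(hours=1, seconds=20 * i) for i in range(30)]
    tail = [t0 + timedelta(hours=2, minutes=15 * i) for i in range(3)]
    return quiet + burst + tail


if __name__ == "__main__":
    for start, end, peak in find_floods(sample_journal()):
        print(f"flood {start:%H:%M:%S} to {end:%H:%M:%S}, peak {peak} alarms / 10 min")
```

Run over an exported alarm journal, the episode list shows how often and for how long operators were above the manageable rate, which is the evidence needed to decide where flood suppression is warranted.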

Alarm rationalization is typically effective at reducing average alarm rate. To alleviate alarm floods, advanced alarming techniques such as alarm flood suppression may be required. Exida SILAlarm™ provides the ability to define and document alarm flood suppression requirements so that they can be implemented in the control system. For DeltaV users, alarm flood suppression can be configured automatically in DeltaV via bulk edit from SILAlarm using new modules created by Emerson and exida.

SILAlarm provides the ability to define alarm flood suppression requirements systematically via a standard interface.

  • Trigger conditions (required and / or voted) and associated logical expressions (for implementation in the control system)
  • Maximum Suppression Time
  • Unsuppression Behavior (Unsuppress all, Unsuppress none, Unsuppress Inactive alarms only)
  • Common Alarm for annunciation to the operator (when other alarms are suppressed)
  • Alarms to be suppressed*
  • Suppressed priority (to change the alarm priority dynamically during a flood)
  • Audit & Enforce changes detected in the control system configuration
  • Management of Change
  • Description text: Group, Required, Voted conditions for display on HMI faceplates and graphic screens.