Mike Medoff, exida senior safety engineer presented the 2015 exida Safety Award in the Cybersecurity Category to Schneider Electric recognizing their Process Automation Cybersecurity Development Process. The presentation was delivered at Connect 2016, Schneider Electric’s Automation Conference on May 24, 2016 in New Orleans, LA.

The exida Safety Awards is an annual program that honors exida certified products/processes that best demonstrate new and innovative work, and that have the ability to play a key role in the continuous journey of making the world a safer place.

The ISA-18.2 and IEC 62682 alarm management standards provide recommended targets for average alarm rate and for alarm floods - a condition during which the alarm rate is greater than the operator can effectively manage (e.g., more than 10 alarm per 10 mins) Ref ISA-18.2. During alarm floods the chance of an operator missing an alarm or making a mistake is increased. The following table taken from IEC 61511 shows how the reliability of humans is impacted by stress.
Consequently, alarm floods reduce the effectiveness of alarms used as safeguards or independent protection layers and increase the chances of process safety incidents.

Alarm rationalization is typically effective at reducing average alarm rate. To alleviate alarm floods, advanced alarming techniques such as alarm flood suppression may be required. Exida SILAlarm™ provides the ability to define and document alarm flood suppression requirements so that they can be implemented in the control system. For DeltaV users, alarm flood suppression can be configured automatically in DeltaV via bulk edit from SILAlarm using new modules created by Emerson and exida.

SILAlarm provides the ability to define alarm flood suppression requirements systematically via a standard interface.

• Trigger conditions (required and / or voted) and associated logical expressions (for implementation in the control system)
• Maximum Suppression Time
• Unsuppression Behavior (Unsuppress all, Unsuppress none, Unsuppress Inactive alarms only)
• Common Alarm for annunciation to the operator (when other alarms are suppressed)
• Alarms to be suppressed*
• Suppressed priority (to change the alarm priority dynamically during a flood)
• Audit & Enforce changes detected in the control system configuration
• Management of Change
• Description text: Group, Required, Voted conditions for display on HMI faceplates and graphic screens.

exida, the global leader in functional safety and cybersecurity certification for the process industries has certified three Schneider Electric product development sites in Foxboro, Mass., Worthing, U.K., and Hyderabad, India, for compliance with the exida Security Development Lifecycle certification based on IEC 62443-4-1. exida is a globally recognized ISO 17065 accredited Certification Body (CB) in cybersecurity.

The three certified Schneider Electric sites utilize a product development lifecycle that includes cybersecurity considerations in all phases of new product development, demonstrating an institutionalized commitment to securing industrial automation and control systems (IACS).

“As IT and OT converge, more technology is connecting with more technology; more people are connecting with more technology; more people are connecting with more people. All this connectivity is driving an influx of data that can be very beneficial to control system operators and engineers, but it all has to be secured first,” said Andy Kling, director of Process Automation cybersecurity and software practices, Schneider Electric. “This certification acknowledges our commitment to addressing safety and cybersecurity concerns head on to ensure our customers can take advantage of all the benefits of a connected, modern plant. We are pleased to work with exida and other industry-leading organizations, and look forward to continuing and strengthening our relationship with them so we can all meet continuous, rigorous cybersecurity demands.”

“Schneider Electric has a strong, industry-leading product development process and they built upon that to add the requirements of exida’s cybersecurity program,” said Dr. William Goble, exida managing director. “They treated the cybersecurity issue very seriously and created a process that will help them avoid hacker attacks.”

Siemens has opened its "Cyber Security Operation Center" (CSOC) for the protection of industrial facilities, with a joint location in Lisbon and Munich and one in Milford (Ohio) in the USA. Siemens industrial security specialists based at these sites monitor industrial facilities all around the world for cyber threats, warn companies in the event of security incidents and coordinate proactive countermeasures. These protective measures are part of Siemens' extensive Plant Security Services with which the enterprise supports companies in the manufacturing and processing industry in encountering constantly changing security threats and increasing plant availability.

The increased networking of industrial infrastructures ("Internet of Things", "Industrie 4.0") calls for appropriate protective action for the automation environment. This is where the Siemens Plant Security Services enter the picture: these services range from Security Assessments and the installation of protective measures, such as firewalls and virus protection (Security Implementation), through to the continuous surveillance of plants with the Managed Security Services, which is now offered by the CSOCs themselves. If the Siemens experts detect an increased risk, they give the customer an early warning, issue recommendations for proactive countermeasures and coordinate their implementation. The countermeasures are based on the criticality of the incident and the likely impact on the customer's business. They include modifying firewall rules or providing updates for closing gaps in security. In addition, Siemens provides forensic analyses of security incidents. Companies are then in a position to prepare reports that comply with international standards such as ISO 27002 or IEC 62443. And that is not all – companies also receive a transparent view of their plants' security status. Siemens' Plant Security Services use products from the company's collaboration partner, Intel Security. These include: McAfee VirusScan, McAfee Application Control, McAfee ePolicy Orchestrator (ePO) as well as McAfee Enterprise Security Manager with Security Information and Event Management.