The SeSa Method for Assessing Secure Remote Access to Safety Instrumented Systems

Tor Olav Grøtan, Martin Gilje Jaatun (SINTEF ICT), Knut Øien, Tor Onshus (NTNU)
2007-06-26
43 pages
Price for printed copy: NOK 200,-

Safety Instrumented Systems (SIS) are very important for the safety of Norwegian offshore installations. Partly as a consequence of evolving Integrated Operation concepts, a need is expected for remote access to such systems by vendors external to the operating company. This kind of access will go through a number of networks used for other purposes, including the open Internet. This raises a number of security issues, ultimately threatening the safety integrity of SIS.

The SeSa (SecureSafety) project has developed a systematic and methodological approach to assess whether a given technological solution for remote access to SIS is acceptable. The approach is restricted to the security of the remote access path as such, but also takes into consideration the Safety Integrity Level (SIL) of the SIS itself. Assessment of the proper SIL to be defended through the method described herein is outside the scope.

The “SeSa method” comprises the following elements:

  • A conceptual foundation for
    1) determining the SIL impact through the remote access path and
    2) combining security functionality with SIS implementation
  • An architectural model and a checklist of threats and countermeasures along the remote access path
  • A “Hazop-like” method for assessing the actual impact on SIL, based on use of the above-mentioned checklist

The SeSa method has been developed in close cooperation with members of the PDS forum. The project has received financial support from the Norwegian Research Council.


Published 28 June 2007