Security for Safety System Logic Solvers-Physical Key Switches and Software Locks

Author: Sergio Diaz

As a product marketing manager for DeltaV safety instrumented systems (SIS), I have been asked a few times why the key switch on the CHARMs Smart Logic Solver (CSLS) does not control the lock state as is common with many safety controllers.

The next question is, “Why does the user still need to lock the CSLS via software?” The reason is simple. We consider it more secure to have a two-step approach. Software and hardware approaches both have advantages and disadvantages and by combining the two, we believe we’re creating a more defendable solution for DeltaV SIS.

Let’s review each approach.

Physical Key Switch

The key advantage is that this security method enforces physical presence and a remote attacker cannot operate the key switch. Limitations of the physical key include:

  • It is not possible to automatically lock the logic solver.
  • A person can leave it unlocked by mistake and it will be unprotected until somebody returns the key to the lock position.
  • There are no records within the system of who unlocks the logic solver.
  • There are no user privilege checks by the system which means that if the enclosure is not physically locked as it should be, then a trusted insider could have access to and unlock the logic solver.

Software Lock

A key advantage of a software lock approach is that it is possible to automatically lock the logic solver. This prevents the potential for the logic solver to be left unlocked by mistake. Also, there are historical records of who unlocked a logic solver when it was unlocked. Who can unlock can also be limited by the privileges granted to the users’ accounts.

A key limitation is that compromised user credentials could allow unauthorized individuals to unlock the logic solver. This risk can be mitigated by using a two-factor authentication method to enforce physical presence and deter remote attackers.

The good news is that DeltaV SIS combines these two approaches for enhanced cybersecurity. Protection is provided in not just one, but two ways—by the software lock and the physical key switch, which requires physical presence. For our SLS1508 logic solver platform, an intrusion protection device (IPD) takes the role of the physical key switch to enforce physical presence.

From Jim: Visit the DeltaV SIS CHARMS Logic Solver section on Emerson.com for more on this cybersecurity approach and other capabilities in this safety instrumented system. You can also connect and interact with other process safety experts in the Control & Safety Systems group in the Emerson Exchange 365 community and/or at the September 23-27 Emerson Exchange conference in Nashville.

The post Security for Safety System Logic Solvers-Physical Key Switches and Software Locks appeared first on the Emerson Automation Experts blog.