
SIS - Safety Instrumented System

An independent automation system responsible for bringing a process to a safe state when a hazardous condition is detected.

What is SIS?

SIS (Safety Instrumented System) is a dedicated automation system whose sole purpose is to protect people, the environment and industrial installations from the consequences of process failures or malfunctions. SIS operates independently from the process control system (DCS/SCADA) and automatically takes protective action when a hazardous condition is detected - closing valves, shutting down equipment or initiating emergency procedures.

An SIS consists of three elements: sensors measuring critical parameters, a logic solver (a dedicated safety controller) and final elements (actuators). SIS design is based on risk analysis and is governed by the standards IEC 61508 (general) and IEC 61511 (process industry), which define Safety Integrity Levels (SIL).

SIS is the last layer of protection against catastrophe. If the process control system fails, it is the SIS that must prevent an explosion, a toxic release or another life-threatening event.

Why does it matter?

An attack on a SIS is one of the most dangerous scenarios in industrial cybersecurity. The TRITON/TRISIS campaign of 2017 demonstrated that APT groups are capable of targeting safety controllers - the goal was to disable safety systems at a petrochemical plant, which could have led to a catastrophe.

SIS must be physically and logically separated from the process control network and the corporate network. Organisations should treat SIS protection as an absolute priority - a situation where an attacker simultaneously manipulates the process and disables safety systems must not be allowed to occur.
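
One way to check the separation requirement above against observed traffic, as an added example that is not part of the original page. The zone address ranges, the flow-record format and the sample flows are all constructed assumptions.

```python
import ipaddress

# Assumed zone address plan (constructed; replace with the site's real ranges).
ZONES = {
    "sis": ipaddress.ip_network("10.10.30.0/24"),
    "dcs": ipaddress.ip_network("10.10.20.0/24"),
    "corporate": ipaddress.ip_network("10.1.0.0/16"),
}

# Constructed flow records, one per line: "src dst dst_port proto".
SAMPLE_FLOWS = """\
10.10.20.15 10.10.20.40 502 tcp
10.10.20.15 10.10.30.5 502 tcp
10.10.30.5 10.10.30.6 502 tcp
10.1.4.77 10.10.30.5 445 tcp
10.10.30.9 10.1.4.10 443 tcp
10.1.4.77 10.10.20.15 3389 tcp
"""

def zone_of(addr):
    """Map an IP address to its zone name, or "unknown" if outside the plan."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"

def sis_boundary_violations(flow_text):
    """Return every flow with exactly one endpoint inside the SIS zone."""
    violations = []
    for lineno, line in enumerate(flow_text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split()
        if len(fields) != 4:
            # Fail loudly: an unparsed record could hide a boundary crossing.
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(fields)}")
        src, dst, port, proto = fields
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if (src_zone == "sis") != (dst_zone == "sis"):
            violations.append({"line": lineno, "src_zone": src_zone,
                               "dst_zone": dst_zone, "dst_port": int(port),
                               "proto": proto})
    return violations

if __name__ == "__main__":
    for v in sis_boundary_violations(SAMPLE_FLOWS):
        print(v)
```

An empty result is the expected state under the separation described above; each returned record is a boundary crossing to investigate, including flows to or from addresses outside the known zone plan.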
