A safety instrumented system (SIS) is a typical industrial process safety control system and is tightly coupled to automated industrial production. In recent years, with the integration of industrialization and informatization, safety instrumented systems have changed from closed to open systems. As a result, more and more network attacks have come into view, and industrial safety accidents have become increasingly common. In this context, functional safety risk analysis of a safety instrumented system alone can no longer meet current needs, and a risk assessment method that integrates functional safety and information security is urgently required. At present there is no mature standard, domestic or international, that supports integrating the two, and many papers discuss only a framework for their integration. This paper therefore proposes a new risk assessment method for the integration of functional safety and information security, supported by the national key R&D program "Basic Manufacturing Technology and Key Components", and takes a safety instrumented system as an example to verify the method's effectiveness. This provides an approach to integrated risk analysis of the two and serves as an early warning of risk occurrence. The main research contents of this paper are as follows:

(1) Research on the integrated risk assessment process for functional safety and information security. The basic definitions and concepts of functional safety and information security are introduced, their similarities and differences are discussed in depth, and the connection between them and its importance are explained. On this basis, an integrated relationship model of functional safety and information security risk elements and an integrated risk assessment process are built.

(2) Construction of the integrated fault tree and attack tree model. Taking the functional safety risk assessment method as the main body and combining it with the information security risk assessment method, the paper proposes to integrate fault tree analysis (a functional safety risk assessment method) with attack tree analysis (an information security risk assessment method), defines a new event and, on that basis, the fault tree-attack tree model. Minimal cut sets and structural importance are taken as the indicators of qualitative risk analysis, and the probability of occurrence of the top event and the safety level as the indicators of quantitative risk analysis; qualitative and quantitative risk analysis are then carried out.

(3) Case analysis and verification of the integrated fault tree and attack tree model. Taking the safety instrumented system of the No. 4 oil tank group in the storage and transportation system of an oil depot as an example, the system architecture of the safety instrumented system and the safety instrumented function of the liquid level control loop are introduced, and a fault tree-attack tree model is then built with "fire and explosion of an oil tank causing personal injury" as the top event. Qualitative and quantitative risk analysis are carried out on the functional safety events and information security events, and the validity of the fault tree-attack tree model is verified, which provides an approach to integrated security risk analysis.

Through the above research, this paper shows that the newly proposed fault tree-attack tree model can indeed carry out integrated risk analysis of functional safety events and information security events, and can reflect that information security events have a certain impact on the occurrence of functional safety events, laying a foundation for the fusion of functional safety and information security.
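As an added worked example (not code or data from the thesis), the following Python script carries the analysis described in (2) through on a small fault tree-attack tree of the same shape as the case in (3): a functional-safety fault tree for overfill and ignition, with an attack-tree branch (`CYBER`) hung under the "SIF fails" OR gate as one more way the safety instrumented function can be defeated. It computes the minimal cut sets, the structural importance of each basic event (Birnbaum's structural importance, an assumed choice since the abstract does not say which definition is used), and the top-event probability with and without the attack-tree branch. All gate names, event names and probabilities are constructed for illustration and are not the No. 4 tank group model or its measured values.

```python
"""Fault tree - attack tree (FT-AT) integrated analysis on a constructed model.

Illustrative example only: the tree and the probabilities are invented here
and are not the thesis's No. 4 oil tank group data.
"""
from itertools import product

# Gate node: (gate_type, [child names]); any name not in GATES is a basic event.
# The fault-tree part models "overfill and ignition"; the attack-tree part,
# rooted at CYBER, is one more input to the "SIF fails" OR gate.
GATES = {
    "TOP":        ("AND", ["OVERFILL", "IGNITION"]),
    "OVERFILL":   ("AND", ["HIGH_LEVEL_DEMAND", "SIF_FAIL"]),
    "SIF_FAIL":   ("OR",  ["SENSOR_FAIL", "LOGIC_FAIL", "VALVE_FAIL", "CYBER"]),
    "CYBER":      ("AND", ["NET_ACCESS", "TAMPER"]),      # attack tree root
    "NET_ACCESS": ("OR",  ["REMOTE_ACCESS", "USB_ACCESS"]),
    "TAMPER":     ("OR",  ["SPOOF_LEVEL", "BLOCK_TRIP"]),
}

# Assumed per-demand probabilities of the basic events (constructed values).
PROB = {
    "HIGH_LEVEL_DEMAND": 0.1,
    "IGNITION": 0.05,
    "SENSOR_FAIL": 0.002,
    "LOGIC_FAIL": 0.0005,
    "VALVE_FAIL": 0.003,
    "REMOTE_ACCESS": 0.02,
    "USB_ACCESS": 0.01,
    "SPOOF_LEVEL": 0.3,
    "BLOCK_TRIP": 0.2,
}


def basic_events(gates):
    """Sorted list of all leaf (basic event) names reachable from the gates."""
    leaves = set()
    for _, children in gates.values():
        leaves.update(c for c in children if c not in gates)
    return sorted(leaves)


def cut_sets(node, gates):
    """Expand a node into its cut sets: a set of frozensets of basic events."""
    if node not in gates:
        return {frozenset([node])}
    gate, children = gates[node]
    child_sets = [cut_sets(c, gates) for c in children]
    if gate == "OR":
        return set().union(*child_sets)
    # AND: one cut set from every child, all unioned together.
    return {frozenset().union(*combo) for combo in product(*child_sets)}


def minimal_cut_sets(node, gates):
    """Keep only cut sets that contain no other cut set (minimality)."""
    sets = cut_sets(node, gates)
    return sorted((s for s in sets if not any(o < s for o in sets)),
                  key=lambda s: (len(s), sorted(s)))


def evaluate(node, state, gates):
    """Structure function: does `node` occur for this True/False assignment?"""
    if node not in gates:
        return state[node]
    gate, children = gates[node]
    results = [evaluate(c, state, gates) for c in children]
    return all(results) if gate == "AND" else any(results)


def structural_importance(event, gates, top="TOP"):
    """Birnbaum structural importance: share of the other events' states in
    which `event` is critical, i.e. its occurrence alone flips the top event."""
    others = [e for e in basic_events(gates) if e != event]
    critical = 0
    for bits in product([False, True], repeat=len(others)):
        state = dict(zip(others, bits))
        state[event] = True
        up = evaluate(top, state, gates)
        state[event] = False
        if up and not evaluate(top, state, gates):
            critical += 1
    return critical / 2 ** len(others)


def top_probability(node, probs, gates):
    """Gate-by-gate probability for independent basic events. Exact only when
    no basic event appears under more than one gate (true for GATES above)."""
    if node not in gates:
        return probs[node]
    gate, children = gates[node]
    ps = [top_probability(c, probs, gates) for c in children]
    out = 1.0
    for p in ps:
        out *= p if gate == "AND" else (1 - p)
    return out if gate == "AND" else 1 - out


def without_cyber(gates):
    """Functional-safety-only view: prune the attack-tree branch."""
    pruned = {k: (g, [c for c in ch if c != "CYBER"]) for k, (g, ch) in gates.items()}
    for k in ("CYBER", "NET_ACCESS", "TAMPER"):
        pruned.pop(k, None)
    return pruned


if __name__ == "__main__":
    for mcs in minimal_cut_sets("TOP", GATES):
        print(sorted(mcs))
    for e in basic_events(GATES):
        print(f"{e:18s} structural importance {structural_importance(e, GATES):.4f}")
    print("P(top) with attack-tree branch   :", top_probability("TOP", PROB, GATES))
    print("P(top) without attack-tree branch:", top_probability("TOP", PROB, without_cyber(GATES)))
```

Running the script lists seven minimal cut sets, three purely functional-safety ones and four that combine an access path with a tampering action, and shows the top-event probability rising by a factor of roughly three once the attack-tree branch is included; this is the kind of "information security events affect functional safety events" result the abstract's conclusion refers to. In a real model the probabilities of the attack-tree leaves would come from a separate information security assessment (attacker capability, exposure), not from equipment failure data, and a model that reuses a basic event under several gates would need the cut-set (inclusion-exclusion or rare-event) calculation rather than the gate-by-gate product used here.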