1. Introduction
The industrial landscape is changing rapidly. The Industrial Internet of Things (IIoT) and the connectivity of operational technology (OT) and information technology (IT) promise improvements in production and process workflows. Digitalization on the shop floor opens a myriad of possibilities for companies, from more productivity and cost-efficient operations to faster customer service and new business models that generate additional revenue.
However, as the Internet makes its way into industrial plants, it introduces new challenges - welcome to the age of ubiquitous cyber threats. Previously isolated industrial control systems (ICS) are now being exposed to the same cyber threats as the IT world. The attack surface has increased, and attackers are using increasingly more professional tools and methods.
Cyberattacks on critical infrastructure and industrial facilities are increasing at an alarming rate—in the European energy sector, for example, they doubled between 2020 and 2022, with dozens of successful attacks each year (source: Eurelectric). Ransomware attacks cripple production lines, denial-of-service attacks disrupt critical processes, and espionage activities target intellectual property and trade secrets. These incidents not only cause major economic damage through business interruptions and recovery costs for the companies concerned, they also raise a fundamental question: Given this threat situation, can the safety of people and facilities still be guaranteed?
Traditionally, “safety” in industry was mainly regarded as “functional safety” (FuSa for short). The objective of functional safety is to reduce risks due to random hardware failures or systematic errors in the design of control systems to an acceptable, i.e. very low level. Standards such as IEC 61508 have formed the basis for this for decades. However, this approach is now reaching its limits, as functional safety assumes that the systems function correctly and are not manipulated by external, malicious interference. And this assumption is, of course, massively challenged by the increase in cyber threats.
Therefore, functional safety and (cyber)security are no longer separate disciplines today, but rather two sides of the same coin: The integrity and availability of safety-critical functions is increasingly dependent on the resilience of systems to cyberattacks, as a successful cyberattack can override just those protective mechanisms that are designed to protect human lives and prevent catastrophic accidents.
This article takes a closer look at the connection between functional safety and cybersecurity and aims to provide a strategic understanding of the challenges and suggestions for organizational and technological measures to make industrial plants safe and future-proof. We will start by explaining the basic concepts of both areas, then analyze real-world threats using scenarios and current incidents, and finally look at how regulations such as the EU Cyber Resilience Act (CRA) and the NIS 2 Directive promote and require an integrated approach to functional safety and cybersecurity.
2. Functional safety: The foundation of industrial processes
To understand the link between functional safety and cybersecurity in industry, you need to start with the concept of functional safety. It has been the basis for the safe operation of industrial systems and processes throughout their entire lifecycle for decades. Its main objective is to protect people from hazards, equipment from destruction, and the environment from harm by reducing dangerous risks to an acceptably low level.
Functional safety therefore primarily deals with the correct and reliable functioning of safety systems in hazardous conditions or events. For example: A chemical plant contains a pressure vessel, and excess pressure in this vessel would pose a major safety risk. A safety instrumented system (SIS) detects when overpressure occurs and automatically triggers a safety function, such as opening a relief valve or safely shutting down the process. Thus, correct activation of the safety function eliminates the risk and ends the hazardous condition.
The international standard series IEC 61508 “Functional safety of electrical/electronic/programmable electronic safety-related systems” is the base standard that covers the entire lifecycle of such safety systems – from planning to design and commissioning to operation, maintenance and decommissioning.
Functional safety considers two types of errors according to the standard: random hardware failures – e.g. a defective sensor – and systematic errors, for example design, software or installation errors. Thorough analysis, design, verification, and validation processes, as well as the use of methods such as runtime testing of memory modules and redundant components for detecting computing errors, are employed to minimize the probability of a dangerous failure of the safety function. The required level of reliability is determined by the Safety Integrity Level (SIL), which results from a detailed risk assessment of the plant or process. A higher SIL requires stricter measures and a lower probability of failure of the safety function.
Functional safety based on such standardized methods is a well-established and indispensable aspect of risk management in many industries. It makes sure that automated systems do not fail dangerously, even if there are unexpected errors or things aren't working as usual.
However, this understanding of functional safety assumes that the components and logic of the safety system are not subject to targeted manipulation but only exhibit dangerous fault states due to stochastic/random hardware faults or unintentional faults in the development or operating process. And it is precisely this assumption that is no longer valid in the age of industrial cybersecurity.
3. Industrial cybersecurity: Protection against malicious attacks
For this reason, industrial cybersecurity (operational technology security or OT security) has become an important area in recent years. While functional safety protects against unintended errors, cybersecurity focuses on protecting Industrial Automation and Control Systems (IACS) from targeted, malicious attacks.
Industrial cybersecurity is designed to ensure the availability, integrity, and confidentiality of OT systems and their processes. Availability means that the systems and processes run as intended and are not disrupted by attacks such as denial of service. Integrity ensures that data and control commands remain unchanged and cannot be manipulated. Confidentiality protects sensitive process data and intellectual property from unauthorized access.
The ongoing digitalization and cloud connectivity of OT systems increases the need for industrial cybersecurity. For a long time, IACS were relatively secure due to the use of proprietary technologies and protocols and their physical isolation (air gap principle). Today, IACS are increasingly implemented in standard IT technologies like Linux, Windows, Ethernet, and wireless protocols that are connected to corporate networks and the cloud, and open to remote access for maintenance and support. While this development brings benefits in terms of efficiency and flexibility, it also opens new doors for cyber-attackers. The threats range from general malware that accidentally finds its way into OT networks to sophisticated, professionally operated attacks (advanced persistent threats or APTs) that specifically aim to sabotage or control critical infrastructure.
IEC 62443 “Industrial communication networks – Network and system security” is an internationally recognized series of standards for industrial cybersecurity. Even more comprehensive than IEC 61508 for functional safety, it provides a whole set of standards for the management of cyber risks in IACS over the entire lifecycle, both for overall systems and system components, as well as for the processes according to which they are to be developed and operated. It defines requirements for component manufacturers, system integrators, and operators. Key concepts in IEC 62443 relate to the segmentation of systems and networks into parts with different levels of criticality, the definition of security levels (SLs) based on risk assessments, and the implementation of basic security requirements such as access control, system integrity, and data confidentiality. The aim is to create a robust defense-in-depth that makes attacks more difficult, detects them as quickly as possible, and limits their impact.
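The zone-and-conduit segmentation and security-level concept described above can be expressed as an enforceable policy. The following is an added example written for this article, not code from the IEC 62443 standards or from any vendor: it models a small plant as zones with assumed security level targets (SL-T), defines the conduits between them with the protocols each conduit may carry, and audits a handful of constructed flow records (as a boundary firewall or flow collector might report them) for traffic that crosses zones outside a defined conduit. Every address, zone name, port and conduit rule below is assumed for illustration.

```python
"""
Zone-and-conduit policy audit in the spirit of IEC 62443.

Added example, not from the article or from IEC 62443 itself.
All zones, address ranges, conduits and flow records are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Zone:
    name: str
    sl_target: int      # assumed IEC 62443 security level target, 1..4
    networks: tuple     # IPv4 networks that make up the zone


@dataclass(frozen=True)
class Conduit:
    src: str            # source zone name (direction matters)
    dst: str            # destination zone name
    protocols: frozenset  # allowed (protocol, port) pairs on this conduit


# Constructed plant layout: enterprise -> DMZ -> control -> safety.
ZONES = (
    Zone("enterprise", 1, (ip_network("10.0.0.0/16"),)),
    Zone("dmz", 2, (ip_network("10.1.0.0/24"),)),
    Zone("control", 3, (ip_network("192.168.10.0/24"),)),
    Zone("safety", 4, (ip_network("192.168.20.0/24"),)),
)

# Constructed conduits. Only adjacent zones are connected, each with a
# minimal protocol set; nothing may reach the safety zone directly from
# the enterprise network, and nothing is initiated from the safety zone.
CONDUITS = (
    Conduit("enterprise", "dmz", frozenset({("tcp", 443)})),
    Conduit("dmz", "control", frozenset({("tcp", 4840)})),     # OPC UA (assumed)
    Conduit("control", "safety", frozenset({("tcp", 502)})),   # Modbus/TCP (assumed)
)


def zone_of(ip):
    """Return the Zone an address belongs to, or None if it is in no zone."""
    addr = ip_address(ip)
    for zone in ZONES:
        if any(addr in net for net in zone.networks):
            return zone
    return None


def evaluate_flow(src_ip, dst_ip, proto, port):
    """Decide whether a flow is permitted. Returns (verdict, reason)."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return "deny", "address outside any defined zone"
    if src.name == dst.name:
        return "allow", f"intra-zone traffic in {src.name}"
    for c in CONDUITS:
        if c.src == src.name and c.dst == dst.name:
            if (proto, port) in c.protocols:
                return "allow", f"permitted on conduit {c.src}->{c.dst}"
            return "deny", f"{proto}/{port} not permitted on conduit {c.src}->{c.dst}"
    return "deny", f"no conduit from {src.name} (SL-T {src.sl_target}) to {dst.name} (SL-T {dst.sl_target})"


# Constructed flow records: "src_ip dst_ip proto port".
SAMPLE_FLOWS = [
    "10.0.5.7 10.1.0.10 tcp 443",          # enterprise -> DMZ, HTTPS
    "10.1.0.10 192.168.10.5 tcp 4840",     # DMZ -> control, OPC UA
    "192.168.10.5 192.168.20.3 tcp 502",   # control -> safety, Modbus/TCP
    "10.0.5.7 192.168.20.3 tcp 502",       # enterprise straight into safety zone
    "192.168.10.5 192.168.20.3 tcp 22",    # SSH toward safety zone
    "192.168.20.3 192.168.10.5 tcp 502",   # wrong direction on the conduit
    "172.16.0.9 192.168.10.5 tcp 4840",    # source not in any zone
]


def audit(lines):
    """Return [(record, reason)] for every flow the policy denies."""
    denied = []
    for line in lines:
        src_ip, dst_ip, proto, port = line.split()
        verdict, reason = evaluate_flow(src_ip, dst_ip, proto, int(port))
        if verdict == "deny":
            denied.append((line, reason))
    return denied


if __name__ == "__main__":
    for record, reason in audit(SAMPLE_FLOWS):
        print(f"DENY {record}: {reason}")
```

Running the audit over the sample records denies four of the seven flows: the direct enterprise-to-safety connection, SSH on a conduit that only permits Modbus/TCP, a flow initiated from the safety zone against the conduit's direction, and a flow from an address that belongs to no zone. Each denial carries the reason, which is what an operator needs when reviewing boundary logs against the zone model.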
Industrial cybersecurity is therefore not a purely technical task like installing a virus scanner on a computer but also encompasses people and their way of working in a continuous process. This is time-consuming, but essential to ensure the integrity and availability of industrial processes and lay the foundation for a safe and resilient infrastructure. And this also means that cybersecurity is necessary to maintain functional safety!
Functional safety systems (SIS) are increasingly using programmable electronic components, networks and software platforms similar to regular process control systems (IACS). Sensors send their data via digital networks, safety controllers execute complex logic, and actuators are controlled digitally. All of these digital components and communication channels are potential targets for cyber criminals. When attackers invade the OT environment and take control of parts of the IACS, they can also manipulate or override the safety-related functions.
4. Examples of security risks from cybersecurity attacks
The risk of cyberattacks compromising functional safety systems is far from theoretical and abstract. Various incidents that have become public in recent years draw a clear picture: The digital vulnerability of industrial assets is an acute risk with potentially devastating consequences.
While many organizations are understandably reluctant to reveal details of successful attacks that may have impacted safety-related systems, there is a wealth of information and reports from security researchers that reveal worrisome trends. Reports from specialists such as Kaspersky ICS CERT and Eurelectric show a significant increase in attacks on critical infrastructure and manufacturing in Europe.
Here are a few examples of how cyber risks can directly translate into safety risks:
- Manipulation of process data and control parameters: Attackers could falsify sensor values to prevent dangerous conditions from being detected (e.g., reporting normal readings while pressure or temperature is actually higher than normal). If they then change the set-points or control parameters in the process control system in such a way that the plant is placed in an unsafe mode, the safety system will not be able to detect the unsafe condition due to the manipulation of the sensor values and will not be able to respond in time.
- Failure or blockage of safety devices (SIS): A targeted attack could paralyze safety control itself (e.g. through ransomware or denial-of-service attacks). This would prevent the SIS from performing the necessary safety function when required—the emergency shut-off valve would not open, and the process would not be shut down safely.
- Manipulation of safety-related communications and alarms: Attackers could compromise communications between the process control system and the control room or between the SIS and the alarm system. Alarm and warning messages about dangerous conditions would not reach the operating personnel or would be displayed incorrectly, resulting in valuable response time being lost or incorrect decisions being made.
- Compromise by insecure remote access or supply chains: Vulnerabilities in remote maintenance access or compromised software updates from third-party providers can offer attackers an easy way into the inner workings of a company's system, which is supposed to be highly secure against external threats. From there, they can maneuver their way across the network and ultimately reach and manipulate safety-critical systems.
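The first and third scenarios above (falsified sensor values and interrupted alarm communication) have a defensive counterpart: an independent plausibility monitor that cross-checks what the process control system reports against what the separate SIS sensor measures, and that watches the alarm path for silence. The block below is an added example written for this article, not code from the article, from any SIS vendor or from any standard. It assumes two independent pressure measurements for one vessel (a "PCS" channel and a "SIS" channel), a heartbeat counter on the alarm path, and tolerance values chosen for illustration; the sample readings are constructed to show a PCS channel that freezes while real pressure keeps rising, a missing alarm heartbeat, and a physically implausible jump.

```python
"""
Plausibility monitor for safety-related process signals.

Added example, not from the article. It assumes two independent
pressure readings per sample (PCS channel and SIS sensor) and a
heartbeat counter from the alarm path. All readings and thresholds
below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass
class Sample:
    t: int            # seconds since start (constructed)
    pcs_bar: float    # pressure as reported via the process control system
    sis_bar: float    # pressure measured by the independent SIS sensor
    alarm_seq: int    # heartbeat counter from the alarm path (must increment by 1)


@dataclass
class Finding:
    t: int
    kind: str
    detail: str


DISAGREE_BAR = 0.5      # assumed tolerated deviation between the two channels
MAX_RATE_BAR_S = 0.3    # assumed physically plausible change per second
FROZEN_SAMPLES = 3      # identical PCS readings in a row while SIS moves


def check_series(samples):
    """Run all plausibility checks over a time-ordered list of Samples."""
    findings = []
    for i, s in enumerate(samples):
        # 1. The two independent channels must agree within tolerance.
        if abs(s.pcs_bar - s.sis_bar) > DISAGREE_BAR:
            findings.append(Finding(s.t, "channel_disagreement",
                                    f"pcs={s.pcs_bar} sis={s.sis_bar}"))
        if i == 0:
            continue
        prev = samples[i - 1]
        dt = s.t - prev.t
        # 2. Neither channel may change faster than the process physically can.
        for name, cur, old in (("pcs", s.pcs_bar, prev.pcs_bar),
                               ("sis", s.sis_bar, prev.sis_bar)):
            rate = abs(cur - old) / dt
            if rate > MAX_RATE_BAR_S:
                findings.append(Finding(s.t, "implausible_rate",
                                        f"{name} moved {rate:.2f} bar/s"))
        # 3. The alarm path must keep its heartbeat; a gap means alarms may be lost.
        if s.alarm_seq != prev.alarm_seq + 1:
            findings.append(Finding(s.t, "alarm_path_gap",
                                    f"expected {prev.alarm_seq + 1}, got {s.alarm_seq}"))
        # 4. A PCS value that stays identical while the SIS sensor keeps moving
        #    is a replayed or stuck channel, not a steady process.
        if i >= FROZEN_SAMPLES - 1:
            window = samples[i - FROZEN_SAMPLES + 1:i + 1]
            pcs_values = {w.pcs_bar for w in window}
            sis_span = max(w.sis_bar for w in window) - min(w.sis_bar for w in window)
            if len(pcs_values) == 1 and sis_span > DISAGREE_BAR:
                findings.append(Finding(s.t, "frozen_pcs_channel",
                                        f"pcs stuck at {s.pcs_bar}, sis moved {sis_span:.1f} bar"))
    return findings


def summarize(findings):
    """Count findings per kind, for a quick overview."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed readings: pressure rises steadily; from t=40 the PCS channel
# freezes at 4.9 bar, at t=70 one alarm heartbeat is missing, at t=90 the
# PCS channel jumps to an implausibly low value.
SAMPLES = [
    Sample(0, 4.0, 4.0, 1),
    Sample(10, 4.3, 4.3, 2),
    Sample(20, 4.6, 4.6, 3),
    Sample(30, 4.9, 4.9, 4),
    Sample(40, 4.9, 5.2, 5),
    Sample(50, 4.9, 5.5, 6),
    Sample(60, 4.9, 5.8, 7),
    Sample(70, 4.9, 6.1, 9),
    Sample(80, 4.9, 6.4, 10),
    Sample(90, 1.0, 6.7, 11),
]


if __name__ == "__main__":
    for f in check_series(SAMPLES):
        print(f"t={f.t:>3}s {f.kind:<22} {f.detail}")
    print(summarize(check_series(SAMPLES)))
```

The point of the design is that none of the checks trusts a single channel: disagreement, a frozen value and an implausible rate are each reported with the raw values so that an engineer can tell a sensor fault from manipulation, and the heartbeat check catches the case where the alarm path is silently cut rather than spoofed. On the constructed series the monitor raises its first finding at t=50, while the PCS channel still shows a value within normal limits.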
The implication of these scenarios is clear: A single successful cyber incident can immediately defeat well-designed, correctly implemented and long-proven functional safety concepts and methods, with catastrophic consequences – from serious accidents with personal injury to environmental damage and the destruction of entire plants. Cyber risks are real business risks: They lead to business interruptions, financial losses, damage to reputation and can threaten the existence of the company.
The assumption that safety systems are inherently safe because they are physically or logically separated offers a false sense of security in a networked world. The digital connection creates a direct dependency: Without security, there is no longer any reliable safety. Cybersecurity threats affect all industries, and according to many experts, it is no longer a question of whether a company will be affected, but rather when, and of how well it is prepared to limit the impact.
5. The regulatory compass: EU requirements as a driver for integrated safety
The growing interdependence of functional safety and cybersecurity is also reflected in European legislation. In recent years, the European Union has introduced several regulations concerning cybersecurity and the security of industrial products and facilities, which are of strategic importance to companies and, specifically, to managers.
These new rules make it clear: Cybersecurity is no longer an optional addition, but a fundamental requirement for market access and safe operation in the EU. Manufacturers and operators must take an integrated approach to functional safety and cybersecurity.
Overview of relevant EU standards for safety and security
EU Cyber Resilience Act (CRA): Safe products as a basis
The CRA came into force at the end of 2024; its main requirements are to be implemented no later than the end of 2027. The Act represents a real breakthrough: For the first time, cybersecurity requirements will be made mandatory for almost all products with digital elements provided on the EU market – from IoT devices to industrial control components. Manufacturers must apply security-by-design principles, operate vulnerability management over the product lifecycle, and proactively provide security updates. For products used in industrial automation and control systems (IACS), this means an increase in the required minimum security characteristics. Since functional safety depends on the correct functioning of these components, the CRA indirectly enhances safety by increasing the digital resilience of the relevant products and components.
The NIS-2 Directive: Operator-level security
The revised Network and Information Security Directive (NIS-2), which had to be transposed into national law by October 2024, significantly broadens the scope of the sectors concerned and tightens the requirements for cybersecurity risk management for operators of essential and important services. This includes many industries such as energy, transport, production of critical goods, as well as digital infrastructure. Operators must take appropriate technical and organizational measures to protect their networks and information systems and report significant security incidents. NIS-2 focuses on operational security and thus complements the product-related approach of the CRA.
The Machinery Directive: Safety and security for machines
As the successor to the EU Machinery Directive 2006, the new Machinery Regulation, which will become effective in January 2027, explicitly integrates cybersecurity aspects as part of the basic safety and health protection requirements for the first time. It requires controls of machines to be designed in such a way that malicious acts or manipulations cannot lead to dangerous situations. This creates a direct legal link between machine safety (Safety) and the need to protect it against cyber threats (Security).
The AI Act: Artificial intelligence in industry must also be secure
The upcoming AI Act also has some references to the safety of industrial controls. For AI systems used in high-risk areas such as industrial process control and optimization, the AI Act sets requirements for robustness, accuracy and security, which also includes protection against tampering and ensuring safe operations in the event of cyberattacks.
An integrated approach to cybersecurity is essential
These EU regulations show that functional safety cannot be separated from security; safety and security are considered holistically. For companies, this means that cybersecurity is not just a task of the IT department, but part of risk management, product development, and the operation of industrial facilities. However, compliance with these regulations is not only legally necessary – regulatory requirements encourage the integration of functional safety and cybersecurity at all levels of the company. This should be seen as an opportunity to strengthen your own resilience and build trust with customers and partners.
6. Paradigm shift towards integrated risk management
Understanding functional safety and cybersecurity as inseparable parts of holistic risk management for operational technology (OT) is initially a mental change. Risks must be assessed comprehensively – both random failures and malicious attacks must be taken into account. This may require crossing traditional departmental boundaries to find a common language and common processes for managing safety and security risks. The basis for a comprehensive cybersecurity strategy for companies includes three key organizational aspects:
- Establishing a security culture: Security in the sense of “both safety and security” must start with a clear commitment from management and then extend through all levels and departments. Regular training and awareness campaigns are necessary to raise awareness of the risks and the importance of safe behavior among all employees. This is often already the case for “normal” IT cybersecurity at present but must now be expanded to include the industrial safety and security aspect.
- Encouraging collaboration: Functional safety experts (often engineers from the OT sector) and cybersecurity experts (often from the IT sector) must work closely together. Structures such as shared teams, regular coordination rounds, and joint risk assessments are important. Mutual understanding of the respective challenges and priorities is crucial.
- Defining clear responsibilities and governance: It must be clearly defined who in the company is responsible for the integrated safety and security strategy. This responsibility should ideally be located at C-level (e.g. Chief Operating Officer, Chief Information Security Officer with extended mandate for OT or a dedicated role). A clear governance structure with defined roles, responsibilities, and escalation paths is essential.
In addition to organizational aspects, there are also technical principles that ensure safe and secure systems. They are laid out in recent EU regulatory efforts and are relevant for companies in every industry:
- Holistic risk analyses (safety and security): Risk analyses must take into account both safety aspects (in accordance with IEC 61508/61511) and security aspects (in accordance with IEC 62443) from the outset. Methods such as HAZOP must be expanded to include security threats.
- Security-by-Design and Defense-in-Depth for OT: Cybersecurity must be integrated into the design of plants and systems from the outset (security-by-design). A layered defense-in-depth approach with network segmentation, access controls, intrusion detection, and monitoring is essential for OT environments.
- Secure management over the entire lifecycle: Security must be maintained throughout the entire life cycle of the plant – from procurement to commissioning and operation to decommissioning. This includes secure patch management, vulnerability management, configuration management, and incident response planning specifically for OT environments. And if anyone is dubious about the thought that even decommissioning could pose cybersecurity risks – it is by no means a trivial matter to remove all trade secrets from the mass storage devices of industrial PCs installed somewhere in the control system!
Last, but not least, it is important for executives to understand that investing in integrated safety and security goes far beyond meeting regulatory requirements. It is about ensuring business continuity, protecting valuable assets, and preserving a company’s reputation. A serious security incident, whether caused by an accident or a cyberattack, can result in high costs due to production downtime and system restoration (and possibly ransom payments), as well as a loss of trust among customers, partners, and the general public. Acting proactively and establishing a robust, integrated security strategy are essential for responsible and future-oriented business management.
7. Conclusion
The future of industrial safety lies in the intelligent integration of functional safety and cybersecurity:
Advancing digitalization and connectivity of industrial assets and operational technology (OT) with enterprise and cloud systems offers great opportunities but also brings significant risks from cyberattacks. The traditional separation between OT, where functional safety is crucial, on the one hand, and IT systems, where cybersecurity (Security) is the primary concern, on the other hand, can no longer be maintained. The safety of people, the environment, and the plant is increasingly dependent on cybersecurity and thus the digital resilience of control and automation systems.
Functional safety systems are no longer isolated and are therefore only as safe as the digital environment in which they operate. Cyberattacks can disengage established defenses and lead to catastrophic events, as real-world incidents in industry repeatedly show. The EU is responding with new regulations such as the Cyber Resilience Act and the NIS-2 Directive, which impose mandatory cybersecurity measures on products and operators and increase the pressure for an integrated approach.
For managers, this means that the integration of safety and security must become a strategic priority. This may require a shift from isolated departments to holistic risk management that includes both random errors and malicious attacks. It also requires organizational adjustments, a comprehensive safety culture, collaboration between experts, and clear responsibilities at management level. Technologically, principles such as security-by-design and defense-in-depth must be implemented in OT environments.
The path to an integrated security landscape may be complex and requires continuous efforts; trends such as the use of artificial intelligence in control engineering, the migration of OT capabilities to the cloud, and the rise of IIoT devices bring further challenges. Investing in integrated safety and security can be costly, but it not only ensures compliance; it also represents a fundamental investment in business continuity, asset protection, and the reputation of the company.