Abstract
Safety Instrumented Systems (SIS) as defined in IEC 61508 and IEC 61511 are very important for the safety of offshore oil & natural gas installations. SIS typically include the Emergency ShutdownSystem (ESD) that ensures that process systems return to a safe state in case of undesirable events. Partly as a consequence of the evolving ""Integrated Operations"" concept, a need is emerging for remote access to such systems from vendors external to the operating company. Thisaccess will pass through a number of IP-based networks used for other purposes, including the open Internet. This raises a number of security issues, ultimately threatening the safety integrity of SIS. In this paper we present a layered network architecture that represents current good practice for a solution to ensure secure remote access to SIS. Also, a method for assessing whether a given solution for remote access to SIS is acceptable is described. The primary objective with thespecification of the remote access path is to defend the Safety Integrity Level (SIL) of SIS from security infringements. It also accommodates the special case when security functions have to be implemented within SIS.
