Cybersecurity in the Chemical Industry: A Gap in Traditional Risk Assessment Models

Edited by Bảo Hiền
09:19 AM @ Wednesday - 20 May, 2026

Chemical facilities are facing a new layer of risk that traditional safety analysis frameworks were never designed to handle.

For decades, the chemical industry has built its safety systems around a consistent principle: identify failure scenarios, test protection layers, and verify when a process is safe enough to operate. This principle has been validated through real-world practice, from laboratories to large-scale industrial plants.

However, digitalization is creating a challenge that this framework did not originally anticipate.

Threats That Leave No Physical Trace

Cyber intrusions into industrial systems can alter control logic, disrupt communications, or remotely modify equipment configurations — all without leaving any visible sign at the hardware level. This type of failure falls outside the scope of traditional chemical risk models, yet its consequences directly affect the safety conclusions engineers rely on.

From a safety perspective, the key issue is not the origin of the incident, but the actual performance of the protection layer. In a network-connected facility, that performance depends not only on engineering reliability but also on cybersecurity and digital system governance — a dependency that most chemical plants have not yet incorporated into their hazard analysis processes.

International Standards Have Changed, Operations Have Not Fully Caught Up

Edition 2 of IEC 61511 (published in 2016 by the International Electrotechnical Commission) introduced a mandatory requirement to carry out a security risk assessment of Safety Instrumented Systems (SIS). The standard treats the availability and integrity of safety functions as part of functional safety, not as a separate IT concern.

However, field observations suggest that many facilities have overlooked this update, underestimated its significance, or treated it merely as a formal compliance requirement.

Common Vulnerabilities Across Industrial Facilities

Field studies conducted at chemical and industrial plants have repeatedly identified several systemic issues:

• Limited separation between process-control networks and safety networks
• Shared login credentials across multiple operating stations
• Legacy systems that are maintained but not adequately hardened against cyber threats
• Permanently enabled remote access regardless of operational necessity
• Backup procedures that are rarely tested in practice

None of these conditions automatically causes an incident. But within a shared digital environment, a compromise in one area can simultaneously affect multiple protection layers. Devices that appear completely independent on piping and instrumentation diagrams may in fact rely on the same digital pathway — a dependency invisible on conventional engineering drawings.

Much of this situation results from the historical evolution of industrial systems. Engineering teams often inherit infrastructure built incrementally over many years, with additional connectivity, remote-support functions, and vendor tools added layer by layer. Each modification introduces new dependencies that standard safety review procedures were never designed to detect.

Hazard Analysis Must Expand Its Scope

HAZOP (Hazard and Operability Study) is currently one of the most widely used tools for identifying ways in which industrial processes can fail. A typical scenario might involve the loss of a critical sensor signal, preventing an emergency shutdown from being triggered when required.

In a networked environment, an additional question must now be considered: what happens if the shutdown signal itself is delayed, altered, or blocked, whether by a network fault or by deliberate manipulation of the communication path? This scenario currently falls outside the traditional boundaries of HAZOP analysis.

According to recommendations from industry specialists, SIS security assessments can follow a relatively structured process:

• Define the boundaries of the critical safety functions and their related digital connections
• Map the system dependencies
• Evaluate scenarios that could compromise availability or integrity
• Select appropriate cybersecurity controls based on IEC 62443, the standard that defines technical and procedural requirements for securing industrial automation and control systems

Similarly, Layers of Protection Analysis (LOPA), traditionally used to determine whether safety layers reduce risk to an acceptable level, must also be updated to account for digital risks. LOPA only gives credit for layers that are independent of one another; two layers that share a network switch, an engineering workstation, or a remote-access path can be disabled by a single compromise, so counting both as independent overstates the risk reduction.
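The dependency-mapping and scenario-evaluation steps of the assessment process above, and the LOPA independence problem, can be shown with a small worked model. This is an added illustration, not code from the article or from Arista Cyber; the layer names, asset names, PFD values, initiating-event frequency and tolerable target are constructed placeholders, and the "credit only one layer per common-cause group" rule is a simplified conservative assumption used for the example.

```python
"""Digital-dependency check for LOPA credit (constructed example, not from the article).

Each independent protection layer (IPL) is modelled with its probability of
failure on demand (PFD) and the set of digital assets it depends on.  Layers
that share an asset can be disabled by one compromise, so they are not
independent and should not both be credited in the LOPA product.
"""
from collections import defaultdict
from itertools import combinations
import math

# Constructed scenario: reactor overpressure protected by three layers.
# Names, PFDs and dependencies are hypothetical placeholders.
IPLS = {
    "BPCS high-pressure alarm with operator response": {
        "pfd": 0.1,
        "depends_on": {"core_switch_A", "engineering_workstation"},
    },
    "SIS high-high pressure trip SIF-101": {
        "pfd": 0.01,
        "depends_on": {"core_switch_A", "engineering_workstation", "sis_logic_solver"},
    },
    "Relief valve PSV-201": {
        "pfd": 0.01,
        "depends_on": set(),  # purely mechanical, no digital pathway
    },
}
INITIATING_EVENT_FREQ = 0.1   # per year, constructed value
TOLERABLE_FREQ = 5e-6         # per year, constructed target


def shared_assets(ipls):
    """Return {asset: [IPL names]} for every digital asset used by two or more layers."""
    users = defaultdict(set)
    for name, ipl in ipls.items():
        for asset in ipl["depends_on"]:
            users[asset].add(name)
    return {asset: sorted(names) for asset, names in users.items() if len(names) >= 2}


def common_cause_groups(ipls):
    """Group IPLs transitively: if A shares an asset with B and B with C, all three
    land in one group (union-find over the pairwise 'shares an asset' relation)."""
    parent = {name: name for name in ipls}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a, b in combinations(ipls, 2):
        if ipls[a]["depends_on"] & ipls[b]["depends_on"]:
            parent[find(a)] = find(b)

    groups = defaultdict(list)
    for name in ipls:
        groups[find(name)].append(name)
    return sorted(sorted(g) for g in groups.values())


def mitigated_frequency(ipls, initiating_freq, dependency_aware):
    """Mitigated event frequency = initiating frequency x product of credited PFDs.

    Naive LOPA credits every layer.  The dependency-aware variant credits only
    one layer per common-cause group (the strongest, i.e. lowest PFD); this is
    an assumed simple conservative rule for illustration, not a standard's text.
    """
    if not dependency_aware:
        pfds = [ipl["pfd"] for ipl in ipls.values()]
    else:
        pfds = [min(ipls[n]["pfd"] for n in group) for group in common_cause_groups(ipls)]
    return initiating_freq * math.prod(pfds)


def assess(ipls=IPLS, initiating_freq=INITIATING_EVENT_FREQ, target=TOLERABLE_FREQ):
    """Run both calculations and report which digital assets undermine independence."""
    naive = mitigated_frequency(ipls, initiating_freq, dependency_aware=False)
    aware = mitigated_frequency(ipls, initiating_freq, dependency_aware=True)
    return {
        "shared_assets": shared_assets(ipls),
        "groups": common_cause_groups(ipls),
        "naive_freq": naive,
        "dependency_aware_freq": aware,
        "naive_meets_target": naive <= target,
        "dependency_aware_meets_target": aware <= target,
    }


if __name__ == "__main__":
    result = assess()
    for asset, layers in result["shared_assets"].items():
        print(f"shared digital asset {asset!r} serves: {', '.join(layers)}")
    print(f"naive LOPA:            {result['naive_freq']:.1e}/yr  "
          f"meets target: {result['naive_meets_target']}")
    print(f"dependency-aware LOPA: {result['dependency_aware_freq']:.1e}/yr  "
          f"meets target: {result['dependency_aware_meets_target']}")
```

With the constructed numbers, the naive product gives a mitigated frequency ten times lower than the dependency-aware one, and only the naive figure meets the target: the BPCS alarm and the SIS trip both run through the same switch and the same engineering workstation, so a single compromise of either asset removes both layers at once. The value of the exercise is the shared-asset list rather than the exact numbers; in a real assessment the dependency map has to come from the actual network and configuration inventory, not from the P&ID.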

From Awareness to Practical Implementation

Integrating cybersecurity into safety management does not require rebuilding existing safety frameworks from scratch. Fundamentally, it involves extending current tools so they can address an additional category of risk.

Network segmentation — limiting device connectivity strictly to what is operationally necessary — can be understood in much the same way as preventing cross-contamination in a chemical process. Managing remote-access privileges and incorporating digital configuration changes into management-of-change procedures are practical measures that can be implemented without major structural redesign.

One area that still receives limited attention is proof testing. At present, these tests mainly verify hardware reliability assumptions, but they rarely extend to digital integrity — namely whether data, control logic, and communications continue to function correctly under real operating conditions.
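One concrete way to add a digital-integrity step to a proof test, tying it to the management-of-change point above, is to record a hash of the exported logic-solver program and configuration at the last approved change and compare the current export against it during each test. The following is an added illustration, not code from the article or from Arista Cyber; the artifact names, their classification as critical or informational, the sample contents and the response labels are hypothetical placeholders.

```python
"""Digital-integrity step for an SIS proof test (added illustration, not from the article).

At management-of-change approval, record a SHA-256 baseline of each exported
artifact.  During the proof test, hash the current export and compare.  Any
unexplained difference in a critical artifact means integrity cannot be
confirmed, which is the trigger for the pre-agreed response.
"""
import hashlib

# Hypothetical artifact classification: a drift in a critical item means the
# safety function's integrity is unconfirmed; other items are recorded and reviewed.
CRITICAL = {"sif101_logic.bin", "sif101_trip_setpoints.cfg"}
INFORMATIONAL = {"hmi_tag_comments.csv"}

# Constructed sample exports (placeholders for real logic-solver exports).
BASELINE_EXPORT = {
    "sif101_logic.bin": bytes(range(0x00, 0x40)),
    "sif101_trip_setpoints.cfg": b"PSHH-101 trip = 12.5 bar\nTMR vote = 2oo3\n",
    "hmi_tag_comments.csv": b"tag,comment\nPT-101,reactor pressure\n",
}
TAMPERED_EXPORT = {
    "sif101_logic.bin": BASELINE_EXPORT["sif101_logic.bin"],
    "sif101_trip_setpoints.cfg": b"PSHH-101 trip = 14.0 bar\nTMR vote = 2oo3\n",  # setpoint raised
    "hmi_tag_comments.csv": BASELINE_EXPORT["hmi_tag_comments.csv"],
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(artifacts: dict) -> dict:
    """Record a hash for every artifact at MOC approval time."""
    return {name: sha256_hex(data) for name, data in artifacts.items()}


def check_integrity(baseline: dict, current: dict) -> dict:
    """Compare the current export with the baseline and classify the result.

    status is one of:
      confirmed      - every baselined artifact present and unchanged
      review         - only non-critical drift or unexpected extra files
      not_confirmed  - a critical artifact changed or is missing
    """
    drifted = sorted(n for n in baseline if n in current and sha256_hex(current[n]) != baseline[n])
    missing = sorted(n for n in baseline if n not in current)
    unexpected = sorted(n for n in current if n not in baseline)
    critical_hits = sorted(n for n in drifted + missing if n in CRITICAL)
    if critical_hits:
        status = "not_confirmed"
    elif drifted or missing or unexpected:
        status = "review"
    else:
        status = "confirmed"
    return {
        "status": status,
        "drifted": drifted,
        "missing": missing,
        "unexpected": unexpected,
        "critical": critical_hits,
    }


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_EXPORT)
    print("clean export:   ", check_integrity(baseline, BASELINE_EXPORT)["status"])
    tampered = check_integrity(baseline, TAMPERED_EXPORT)
    print("tampered export:", tampered["status"], "critical items:", tampered["critical"])
```

Two caveats apply to a check like this. It only detects change relative to the baseline, so the baseline itself must be taken from a known-good state and stored where the engineering workstation cannot rewrite it. And the export being checked must be pulled through a trusted path; hashing a file that a possibly compromised workstation produces proves little, so the comparison is a complement to, not a substitute for, a functional trip test of the safety function.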

In addition, very few facilities have developed and rehearsed controlled shutdown procedures for situations in which system integrity cannot be confirmed. Such procedures should include pre-agreed criteria for switching to manual operation or shutting down the entire system.

This article is based on the analysis of Denrich Sananda, managing partner and senior consultant at Arista Cyber, published in C&EN (Chemical & Engineering News) on May 15, 2026. The views expressed are those of the author.