The call for integrated management of safety and security (IMSS) derives from intensification of digitalisation development and the increased reliance on information communication technologies (ICT) in high-risk industries, such as the chemical and process industry. This development means tightened interconnectedness between industrial automation and control and information technology systems. As a result, the risk landscape is changed towards a stronger interconnectedness of safety, physical and (cyber)security risks, which may lead to major accidents. The objective of this paper is to examine the motivations for IMSS, the current state of IMSS, the cybersecurity-induced risks, including the actualisation of interconnected risks and some sociotechnical tools for IMSS in Seveso plants. They are plants where certain quantities of dangerous substances are present, which are subject to the requirements of the Seveso III Directive (2012/18/EU). The data considered is open source and related to cyber and physical security-induced accidents; interviews with the representatives of Seveso sites and regulators; and literature. The method is qualitative content analysis. The results show that, despite the ongoing development in IMSS at the Seveso sites, IMSS is still in its infancy. Indeed, cybersecurity is often handled in a separate IT department, and the communication with process-safety experts is often inadequate. Furthermore, safety and security risk identification and assessment are essentially undertaken separately. To achieve a real IMSS, we argue that the co-existence of technical and organisational, including structural, functional and cultural development is a fundamental aspect. The combination of such complementary aspects represents the main novelty of this study.

Integrated management of safety and security in Seveso sites - sociotechnical perspectives

Alessandro Tugnoli;Matteo Iaiani;Valerio Cozzani;
2022

Abstract

The call for integrated management of safety and security (IMSS) derives from intensification of digitalisation development and the increased reliance on information communication technologies (ICT) in high-risk industries, such as the chemical and process industry. This development means tightened interconnectedness between industrial automation and control and information technology systems. As a result, the risk landscape is changed towards a stronger interconnectedness of safety, physical and (cyber)security risks, which may lead to major accidents. The objective of this paper is to examine the motivations for IMSS, the current state of IMSS, the cybersecurity-induced risks, including the actualisation of interconnected risks and some sociotechnical tools for IMSS in Seveso plants. They are plants where certain quantities of dangerous substances are present, which are subject to the requirements of the Seveso III Directive (2012/18/EU). The data considered is open source and related to cyber and physical security-induced accidents; interviews with the representatives of Seveso sites and regulators; and literature. The method is qualitative content analysis. The results show that, despite the ongoing development in IMSS at the Seveso sites, IMSS is still in its infancy. Indeed, cybersecurity is often handled in a separate IT department, and the communication with process-safety experts is often inadequate. Furthermore, safety and security risk identification and assessment are essentially undertaken separately. To achieve a real IMSS, we argue that the co-existence of technical and organisational, including structural, functional and cultural development is a fundamental aspect. The combination of such complementary aspects represents the main novelty of this study.
Marja Ylonen; Alessandro Tugnoli; Gabriele Oliva; Jouko Heikkila; Minna Nissila; Matteo Iaiani; Valerio Cozzani; Roberto Setola; Giacomo Assenza; Dolf van der Beek; Wouter Steijn; Nadezhda Gotcheva; Ernesto Del Prete
File in questo prodotto:
File Dimensione Formato  
SS_4_STER.pdf

accesso aperto

Tipo: Versione (PDF) editoriale
Licenza: Licenza per Accesso Aperto. Creative Commons Attribuzione - Non commerciale - Non opere derivate (CCBYNCND)
Dimensione 1.87 MB
Formato Adobe PDF
1.87 MB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11585/901797
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? 2
social impact