{"id":211959,"date":"2026-02-10T10:08:00","date_gmt":"2026-02-10T15:08:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/10\/when-safe-isnt-secure-why-iec-61511-mandates-cybersecurity-for-sis\/"},"modified":"2026-02-10T10:15:08","modified_gmt":"2026-02-10T15:15:08","slug":"when-safe-isnt-secure-why-iec-61511-mandates-cybersecurity-for-sis","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/10\/when-safe-isnt-secure-why-iec-61511-mandates-cybersecurity-for-sis\/","title":{"rendered":"When safe isn\u2019t secure \u2013 why IEC 61511 mandates cybersecurity for SIS"},"content":{"rendered":"<p><a href=\"http:\/\/www.hazardexonthenet.net\/article\/220333\/When-safe-isn-t-secure-why-IEC-61511-mandates-cybersecurity-for-SIS.aspx\">When safe isn\u2019t secure \u2013 why IEC 61511 mandates cybersecurity for SIS<\/a><\/p>\n<p><a href=\"http:\/\/www.hazardexonthenet.net\/article\/220333\/When-safe-isn-t-secure-why-IEC-61511-mandates-cybersecurity-for-SIS.aspx\">http:\/\/www.hazardexonthenet.net\/article\/220333\/When-safe-isn-t-secure-why-IEC-61511-mandates-cybersecurity-for-SIS.aspx<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-10 10:08:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.hazardexonthenet.net\">www.hazardexonthenet.net<\/a><\/p>\n<p id=\"articleauthor\" style=\"float:right;\">Author : Denrich Sananda, Managing Partner, Arista Cyber<\/p>\n<p id=\"articledate\">10 February 2026<\/p>\n<h3>For years, process safety professionals have taken comfort in a familiar equation: if a Safety Instrumented System (SIS) meets its required Safety Integrity Level (SIL), then the risk is under control. HAZOPs are complete, layers of protection are verified, proof tests are planned, and the compliance box is ticked. But that equation no longer holds.<\/h3>\n<h5 style=\"text-align:center;\" class=\"imagecaption\">Image: Arista<\/h5>\n<p><span style=\"font-style: italic;\">(Click here to read article in digital edition)<\/span><\/p>\n<p>As operational technology (OT) systems have become more connected, more digital, and more accessible, the idea that a system can be functionally safe \u2013 without it also being cyber secure \u2013 has been quietly undermined. Much of the industry has missed the formalisation of this point. Ten years ago, the second edition of IEC 61511 introduced Clause 8.2.4, a requirement that many still overlook or misunderstand, which mandated a Security Risk Assessment (SRA) specifically for the SIS. Not as optional guidance or as best practice. But as a requirement.<\/p>\n<p> That short clause represents one of the most important shifts in process safety thinking in decades. It recognises that cybersecurity weaknesses can act as credible initiating causes of major accidents, in the same way as mechanical failure, human error, or poor design. In practice, this is still an area where many plants rely on assumptions made years ago, before today\u2019s levels of connectivity, but cyber risks must be treated with the same seriousness as any other.<\/p>\n<p> The digitalisation of safety<\/p>\n<p> When IEC 61511 was first written, most SIS architectures were physically isolated. Engineering access was local, communications were simple, and cyber risk, at least as we understand it today, barely featured in plant design. Fast forward to today, and the landscape looks very different.<\/p>\n<p> Modern SIS platforms use Ethernet-based communications. Engineering workstations run commercial operating systems with widely known vulnerabilities. Remote, often&#8230;<\/p>\n<p><a href=\"http:\/\/www.hazardexonthenet.net\/article\/220333\/When-safe-isn-t-secure-why-IEC-61511-mandates-cybersecurity-for-SIS.aspx\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>When safe isn\u2019t secure \u2013 why IEC 61511 mandates cybersecurity for SIS http:\/\/www.hazardexonthenet.net\/article\/220333\/When-safe-isn-t-secure-why-IEC-61511-mandates-cybersecurity-for-SIS.aspx Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":211960,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.hazardexonthenet.net\/global\/showimage.ashx?Type=Article&ID=236862&Min=200","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[57],"class_list":["post-211959","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-security"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/211959"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=211959"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/211959\/revisions"}],"predecessor-version":[{"id":211961,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/211959\/revisions\/211961"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/211960"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=211959"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=211959"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=211959"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}