[OT Sec] Understanding SIL and SL – Essential Foundations for OT System Design
✅ 1. SIL (Safety Integrity Level)
🔎 Definition
SIL (Safety Integrity Level) is a quantitative measure representing the reliability of safety functions within industrial systems. It indicates how reliably a designed safety function can prevent incidents that could harm people, equipment, or the environment.
📘 Applicable Standards
- IEC 61508: General functional safety standard across industries (foundation for all SIL definitions)
- IEC 61511: Process industry-specific (oil refining, chemicals)
- IEC 62061: Machinery safety
- ISO 26262: Automotive industry (uses the derived ASIL scale)
🧠 Key Elements for SIL Assessment
SIL levels are determined based on four key steps:
- Hazard Identification
- Risk Analysis
- Determining Required Risk Reduction
- Target SIL Determination
Example: A gas leak poses explosion risk → emergency valve closure must reliably activate → SIL 3 required.
📊 SIL Levels & Probability of Failure
| SIL Level | Probability of dangerous failure per hour (PFH) | Example Applications |
|---|---|---|
| SIL 1 | 10⁻⁶ ≤ PFH < 10⁻⁵ | General warning systems, no emergency shutdown required |
| SIL 2 | 10⁻⁷ ≤ PFH < 10⁻⁶ | Regular process shutdown, hazardous material management |
| SIL 3 | 10⁻⁸ ≤ PFH < 10⁻⁷ | Gas shutoff valves, high-pressure steam controls |
| SIL 4 | 10⁻⁹ ≤ PFH < 10⁻⁸ | Nuclear plants, high-speed railway braking systems |
Note: SIL 4 is rare in practice; most facilities require SIL 2 or SIL 3.
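The four assessment steps above end in a number: the risk reduction the safety function must deliver. The following script, an added example rather than code from the article, carries that through for the gas-leak scenario. The PFH bands are taken from the table above and the PFDavg bands for low-demand mode are the IEC 61508 values; the event frequencies, tolerable frequency and the credit given to other protection layers are constructed for illustration.

```python
"""Target-SIL determination (added example; not code from the article)."""

# (SIL, lower bound inclusive, upper bound exclusive)
PFD_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]  # low demand, PFDavg
PFH_BANDS = [(4, 1e-9, 1e-8), (3, 1e-8, 1e-7), (2, 1e-7, 1e-6), (1, 1e-6, 1e-5)]  # high demand, per hour


def sil_from_band(value: float, bands: list) -> int:
    """Map a failure measure to a SIL. 0 means worse than the SIL 1 band; values
    better than the SIL 4 band are reported as 4 because no higher SIL is defined.
    Bands are half-open, so a value sitting exactly on a boundary (e.g. PFD = 1e-3)
    lands in the lower SIL band: it must be strictly better to claim the next level."""
    if value >= bands[-1][2]:
        return 0
    for sil, low, high in bands:
        if low <= value < high:
            return sil
    return 4


def sil_from_pfd(pfd: float) -> int:
    return sil_from_band(pfd, PFD_BANDS)


def sil_from_pfh(pfh: float) -> int:
    return sil_from_band(pfh, PFH_BANDS)


def target_sil_low_demand(unmitigated_freq: float, tolerable_freq: float,
                          other_layers_rrf: float = 1.0) -> dict:
    """Steps 3 and 4 of the assessment for a low-demand safety function.

    unmitigated_freq and tolerable_freq are events per year; other_layers_rrf is the
    LOPA-style credit for independent protection layers already in place (1.0 = none).
    The safety instrumented function (SIF) must close whatever gap remains."""
    total_rrf = unmitigated_freq / tolerable_freq      # risk reduction needed overall
    sif_rrf = total_rrf / other_layers_rrf             # share the SIF must provide
    if sif_rrf <= 1.0:
        return {"rrf": sif_rrf, "pfd": 1.0, "sil": 0}  # existing layers already suffice
    pfd = 1.0 / sif_rrf                                # required PFDavg of the SIF
    return {"rrf": sif_rrf, "pfd": pfd, "sil": sil_from_pfd(pfd)}


if __name__ == "__main__":
    # Constructed scenario: gas leak 0.5/yr unmitigated, tolerable 1e-5/yr,
    # relief valve + alarm credited with RRF 10 -> SIF needs RRF 5000 -> SIL 3
    print(target_sil_low_demand(0.5, 1e-5, other_layers_rrf=10.0))
```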
✅ 2. SL (Security Level)
🔎 Definition
SL (Security Level) assesses the cybersecurity strength of industrial control systems (ICS/SCADA, DCS, PLC) against attackers of differing capability. Defined by the IEC 62443 series, it grades a system's security robustness into four levels, each defined by the capability of the attacker it is intended to resist.
📘 Related Standards (IEC 62443)
| Standard | Description |
|---|---|
| IEC 62443-1-1 to 1-4 | Definitions, structure, conceptual framework |
| IEC 62443-2-x | Policies, operations, governance (management) |
| IEC 62443-3-3 | System security requirements and security levels (core reference for SL) |
| IEC 62443-4-2 | Component-specific security requirements (PLC, HMI, etc.) |
🧠 SL Levels & Attacker Profiles
| SL Level | Attacker Capability | Required Security Controls |
|---|---|---|
| SL 1 | Casual or coincidental misuse, no deliberate attacker | Basic access control, password management |
| SL 2 | General hackers with basic technical skills and low resources | Authentication, vulnerability mitigation, basic network protection |
| SL 3 | Advanced hackers and insiders using advanced tools and ICS-specific skills | Zone-based security, detailed access controls, logging, integrity checks |
| SL 4 | Nation-state APT with high resources and motivation | Multi-factor authentication, advanced threat detection, isolation, real-time response systems |
SL is further distinguished into the Target Security Level (SL-T, the level a zone or conduit must reach), the Capability Security Level (SL-C, the level a component or system can provide when properly configured), and the Achieved Security Level (SL-A, the level the deployed system actually reaches).
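In IEC 62443-3-3 a security level is not one number but a vector with one value (0 to 4) for each of the seven foundational requirements, and SL-T, SL-C and SL-A are compared requirement by requirement. The script below is an added example, not code from the article or the standard, showing that comparison for a constructed SIS zone around the gas-isolation valve used in the practical examples; the zone's target vector, the component capabilities and the assessed values are all assumed for illustration.

```python
"""SL-T vs SL-C vs SL-A per foundational requirement (added example; not from the article)."""
from dataclasses import dataclass

# The seven foundational requirements (FR 1..7) of IEC 62443-3-3 / 4-2:
# IAC identification & authentication control, UC use control, SI system integrity,
# DC data confidentiality, RDF restricted data flow, TRE timely response to events,
# RA resource availability
FRS = ("IAC", "UC", "SI", "DC", "RDF", "TRE", "RA")


@dataclass(frozen=True)
class SLVector:
    levels: tuple  # one value per FR, in FRS order

    def __post_init__(self):
        if len(self.levels) != len(FRS) or any(not 0 <= v <= 4 for v in self.levels):
            raise ValueError("an SL vector needs seven values in the range 0..4")

    def meets(self, target: "SLVector") -> bool:
        """True when every FR is at or above the target level."""
        return all(a >= t for a, t in zip(self.levels, target.levels))

    def gaps(self, target: "SLVector") -> dict:
        """FRs where this vector falls short of the target, with the shortfall."""
        return {fr: t - a for fr, a, t in zip(FRS, self.levels, target.levels) if a < t}


def capability_gaps(sl_t: SLVector, components: dict) -> dict:
    """SL-C check: a zone cannot be engineered beyond what its weakest component
    can provide, so every component's SL-C must reach the zone's SL-T on every FR."""
    return {name: c.gaps(sl_t) for name, c in components.items() if not c.meets(sl_t)}


if __name__ == "__main__":
    # Constructed: SIS zone around a SIL 3 gas-isolation valve. SL-T is 3 on every FR
    # except data confidentiality, where level 2 is judged sufficient for this zone.
    sl_t = SLVector((3, 3, 3, 2, 3, 3, 3))
    components = {"safety_plc": SLVector((3, 3, 3, 2, 3, 2, 3)),        # assumed SL-C
                  "eng_workstation": SLVector((3, 3, 3, 3, 3, 3, 3))}
    print(capability_gaps(sl_t, components))   # {'safety_plc': {'TRE': 1}}
    sl_a = SLVector((3, 3, 3, 2, 3, 2, 3))      # assumed SL-A after deployment
    print(sl_a.gaps(sl_t))                      # {'TRE': 1}: event response still short
```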
🔍 SIL vs. SL: Key Differences
| Criteria | SIL (Safety Integrity Level) | SL (Security Level) |
|---|---|---|
| Purpose | Reduce physical risk from functional failures | Protect systems from cyberattacks |
| Approach | Reliability-based (probabilistic) | Threat-based (security-focused) |
| Asset Focus | Physical safety devices (SIS, sensors, valves) | Digital assets (PLC, HMI, networks) |
| Evaluation Basis | Probability of failure (PFD/PFH) | Fulfilment of the security requirements for the target level |
| Standards | IEC 61508, IEC 61511 | IEC 62443-3-3, 4-2 |
| Key Personnel | Functional safety engineers | OT security engineers, CISO |
🏭 Practical Application Examples
Example 1: Chemical Plant Gas Detection and Isolation System
- SIL: Gas leak detection and automatic valve closure → SIL 3 required.
- SL: Protect valve operation from remote intrusion → SL 3 needed.
Example 2: Power Plant Control Systems
- SIL: Automatic shutdown upon overpressure → SIL 2 or higher.
- SL: SCADA hacking prevention → authentication, logging, isolation (SL 2 to 3).
Example 3: Railway Systems
- SIL: Signal control malfunction could cause severe accidents → SIL 4.
- SL: Prevent remote hacking of train control systems → SL 3 to 4.
🧩 Integrating SIL and SL in OT System Design
While SIL and SL originate from different disciplines, functional safety and cybersecurity respectively, modern OT system designs must integrate them.
🔄 Examples of Integrated Strategy
| Integration Point | Explanation |
|---|---|
| Security Design to Protect Safety Functions | A SIL 3 emergency stop must include SL 3 access controls |
| Evaluating Security Threats as Safety Risks | Linking threat modeling (security) with HAZOP/LOPA (safety) |
| Standards Integration | Joint application of ISA/IEC 62443, ISO 27001 and IEC 61511 |
Without collaboration between safety and security teams, even high SIL-rated systems can fail due to cybersecurity vulnerabilities.
🎯 Summary
| Key Question | SIL | SL |
|---|---|---|
| What is protected? | Lives and physical assets | Digital assets and control systems |
| Assessment Basis | Reliability, probability of failure | Attacker capability, threat scenarios |
| Applied to | Safety Instrumented Systems (SIS), ESD, pressure controls | ICS, SCADA, PLC, networks |
Relationship: the two are complementary; managing them separately increases risk.