What is SIS? Your life could depend on it

What is SIS? It stands for “safety instrumented systems.”

These systems monitor plants and other facilities to make sure nothing is going wrong, like temperature or pressure rising too high.

If something goes wrong, the safety system can shut the machines down to stop damage to people and equipment.

But cyber attackers like them, too. Here’s why.

Watch here:

Staying Alive

If you work in — or live near — a plant, an oil refinery, a chemical facility, you want that facility to have some kind of SIS, or safety instrumented system.

In the old days, a human used to walk around and check the sensors to see if the process was flowing smoothly.

Temperature too high? Pressure too high? Is the plant about to blow?

The worker would run and hit the red button to stop the machines.

Now, computers do it.

If there’s a danger of the plant spewing toxic chemicals or blowing up, the computers automatically stop the machines in a “safe state,” where they won’t do any more harm.

Some attackers, however, have destruction in mind.

Safety System Hack

Security experts say a nation-state group hacked into the safety systems of a petrochemical plant in the Middle East in 2017, using malware known as Triton or Trisis.

Did they cause an explosion, tricking workers into thinking everything was fine at the plant when really it was going up in flames?


Experts believe the attackers accidentally triggered the safety system, making it do its job, shutting down the machines before things got of control.

Crisis averted.

But the event sent a warning that even safety systems — especially safety systems — need to be protected from cyberattack.


An example of a Triconex safety controller that was targeted in the 2017 attack. Image: Schneider Electric

Staying Safe

How do attackers get into sensitive industrial systems like the plant operations computers?

A number of ways, experts say, including:

—Using vulnerabilities in software, networks and equipment, either known vulnerabilities that the company has not yet patched, or unknown vulnerabilities called zero days

—Sending phishing emails to employees

—Infecting USB drives that employees or contractors plug into sensitive computer systems 

Experts recommend that people working in industrial companies not charge they phones by plugging them in to sensitive systems.

They say even just charging your phone can allow attackers in through data transfer in the charging cable.


See also:

What is an air gap?

What is an HMI?

What is a PLC?

What is ICS?

What is SCADA?


Main image: Emergency stop button. Image: Urbazon/iStock

Leave a Reply