<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet href="client.xsl" type="text/xsl"?>
<article article-type="other">
<front>
<journal-meta>
<journal-id/>
<issn/>
<banner>
<href>banner.jpg</href>
<size width="100%"/>
</banner>
</journal-meta>
<article-meta>
<title-group>
<article-title>Clarification of the Cybersecurity and Functional Safety Interrelationship in Industrial Control Systems: Barrier Concepts and Essential Functions</article-title>
</title-group>

<author>B&#225;lint Z. T&#233;gl&#225;sy<sup>1,a</sup>, Bj&#248;rn Axel Gran<sup>2</sup>, Sokratis Katsikas<sup>3</sup>, Vasileios Gkioulos<sup>3</sup> and Mary Ann Lundteigen<sup>1,b</sup>  </author>

<aff><sup>1</sup>Department of Engineering Cybernetics, NTNU, Norway. </aff>

<email><a href="mailto:balint.teglasy@ntnu.no"><sup>a</sup>balint.teglasy@ntnu.no</a></email>

<email><a href="mailto:mary.a.lundteigen@ntnu.no"><sup>b</sup>mary.a.lundteigen@ntnu.no</a></email>

<aff><sup>2</sup>Department of Risk, Security and Safety, Institute for Energy Technology, Norway </aff><aff><sup>3</sup>Department of Information Security and Communication Technology, NTNU, Norway</aff>

</article-meta></front>
<body>
<abstract>
<title>ABSTRACT</title>
<p>Cybersecurity requirements for industrial automation and control systems (IACS) are aligned with normative documents like IEC 62443. This standard recognizes that a safety-instrumented system (SIS) must maintain the ability to operate in the presence of cybersecurity events, to avoid harm to people, the environment or physical assets. A SIS has traditionally been designed with only safety in mind, since the technology was proprietary and not connected to general IT systems. Standards on the design and operation of a SIS, like IEC 61508, IEC 61511 and IEC 61513, have therefore focused on ensuring functional safety. Today, a SIS also involves commercial technologies, with far-reaching implications for remote monitoring, operation, and updating. Past cybersecurity incidents like Stuxnet and Triton have revealed that there may be motivation as well as resources to exploit new vulnerabilities. It is therefore necessary to treat safety and security in IACS in an integrated manner. Their mutual dependency cannot be ignored, since the design allows more logical, as opposed to physical, access. Co-analysis methods can be found in Lisova et al. (2020) but are not yet applied to guide design or operation decisions in engineering practice. This paper presents how the mentioned safety standards address cybersecurity, and identifies requirements from IEC 62443 which may have an impact on how requirements in the safety standards are formulated. The research gives initial advice on how security and safety requirements are interrelated.</p><p><italic>Keywords: </italic>Safety, Security, Industrial Automation and Control System (IACS), Safety Instrumented System (SIS), Critical infrastructures.</p>
</abstract>
<fpdf>
<href>pdflogo.jpg</href>
<hpdf>3786</hpdf>
</fpdf>
</body>
</article>
