The future of the process industry is digital worldwide, under the banners of Industry 4.0 and the Internet of Things (IoT).
Written by Dr. Alexander Horch, Vice President Research, Development & Product Management, HIMA.
Digitisation creates many opportunities for plant operators to enhance efficiency, increase flexibility and make their plants future-proof. However, there is a downside: threats to plant security arising from digitisation, especially as a result of rapidly growing and increasingly sophisticated cyber criminality.
In late 2017, a safety controller (safety instrumented system, SIS) deployed in a process facility in the Middle East was targeted by a new malware attack. Although the hacker did not succeed in disabling the safety functions of the system, he managed to compromise the SIS and initiated a system shutdown. This cyberattack represents a new dimension of cyberthreats to critical infrastructures, being the fifth publicly known ICS incident to date, following Stuxnet, Havex, Blackenergy2 and Crashoverride.
The Concept Of Safety Is Changing
The incident makes it clear that no SIS manufacturer can promise a solution that is absolutely and always safe with regard to all eventualities and risks.
Safety-oriented automation solutions in industrial plants must now encompass more than just safe emergency shutdown (ESD); they must also provide effective protection against cyberattacks. This leads to a paradigm shift. In the future, safety solutions must be regularly adjusted and extended in the interest of security.
Standards Compliance And Level Separation As A Basis
A welcome trend is that companies in the process industry are increasingly recognizing the importance of safety and security standards for the safety and economic viability of their plants. However, there are still companies that are not using fully standards-compliant SIS. That means they run a significantly higher risk of lost production and harm to people and the environment. To achieve maximum safety and security, it is especially important for plant operators to implement the requirement of the standards for functional safety and automation security (IEC 61511 and IEC 62443) for physical separation between safety instrumented systems (SIS) and process control systems (BPCS).
Standards compliance is a key aspect of defence against cyberattacks. According to IEC 61511, safety instrumented systems and process control systems can only be regarded as independent safety levels if they are based on different platforms, development bases and philosophies. This means that the system architecture must fundamentally be designed to prevent the simultaneous use of components of the process control system level and the safety level without a detailed safety analysis.
An equally problematic situation arises when a successful cyberattack on the process control system via the office PC of an employee leads to compromising the integrated safety system, with the result that functional safety and basic cybersecurity are also compromised. The link between office IT and the production system always represents an extreme weakness. An attack on an integrated SIS/BPCS system is thus considerably easier than an attack on a stand-alone SIS.
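The separation requirement and the office-IT weakness described above can be checked against a plant's asset inventory. The following Python example is added here and is not code from the article or from any vendor; the asset names, zone labels and links are constructed sample data, and the two function names are hypothetical. It lists every link that crosses the SIS boundary and finds the shortest chain of links from an office PC to the SIS.

```python
from collections import deque

# Constructed sample inventory (assumption, not from the article): asset -> zone.
ASSETS = {
    "office-pc-17": "office",
    "historian": "dmz",
    "eng-station": "bpcs",
    "dcs-controller": "bpcs",
    "shared-io-rack": "bpcs",
    "sis-logic-solver": "sis",
}
# Constructed undirected links, e.g. taken from firewall rules or cabling records.
LINKS = [
    ("office-pc-17", "historian"),
    ("historian", "eng-station"),
    ("eng-station", "dcs-controller"),
    ("eng-station", "sis-logic-solver"),
    ("shared-io-rack", "dcs-controller"),
    ("shared-io-rack", "sis-logic-solver"),
]

def sis_boundary_links(assets, links):
    """Links with exactly one endpoint in the SIS zone; each one breaks separation."""
    return sorted((a, b) for a, b in links
                  if (assets[a] == "sis") != (assets[b] == "sis"))

def office_to_sis_path(assets, links, start):
    """Breadth-first search: shortest chain from `start` to any SIS asset, or None."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    queue, seen = deque([[start]]), {start}
    while queue:
        path = queue.popleft()
        if assets[path[-1]] == "sis":
            return path
        for nxt in sorted(adj.get(path[-1], ())):  # sorted for stable output
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

if __name__ == "__main__":
    for link in sis_boundary_links(ASSETS, LINKS):
        print("SIS boundary crossed:", link)
    print("office -> SIS:", office_to_sis_path(ASSETS, LINKS, "office-pc-17"))
```

With the two boundary-crossing links removed from the sample data, the path search returns None, which is the result a stand-alone SIS should produce.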
Cybersecurity insurance policies, which enable companies to at least partially protect themselves against financial losses from cyberattacks, are starting to emerge. Cybersecurity insurance demands clear risk assessments in plants, based on applicable standards, as otherwise insurance is not possible or not financially viable. Plant operation is only reliable when plant operators systematically implement cybersecurity measures, such as separation of protection levels, in addition to functional safety.
Proactive Cybersecurity Is Necessary
Rapidly growing and increasingly professional cyber criminality compels both manufacturers of safety solutions and their users to pursue proactive cybersecurity policies and establish integral safety concepts. As part of risk assessment, plant operators must weigh the financial expenditures for effective safety and security concepts against the costs of potential shutdowns, which can easily run into the millions. The money invested in cybersecurity, usually only a fraction of the cost of a shutdown, safeguards the productivity of the entire plant.
As a user, you can opt for the best possible defence by using safety instrumented systems with the fewest possible vulnerabilities. The operating systems of the controllers are tested for resistance to cyberattacks during the software development process. That is also ensured by security certification of the development process and by the development processes necessary for functional safety, such as the two-person principle.
However, for plant operators it is not enough to rely on standards-compliant hardware and software. Cybersecurity is a never-ending task, and it must be developed jointly by plant operators and safety specialists in the conceptual design of new plants or prior to update measures. The minimum requirement for existing plants is an exact analysis of potential cybersecurity weaknesses. Along with technical measures, users must also implement organizational measures, because no existing technology can provide complete protection against new forms of attack. Consequently, there is a strong need for periodic checking of internal networks and communications systems, for example by penetration tests carried out by independent parties.
In other industries it is now common practice to allocate fixed budget amounts for recurrent safety and security audits. In these audits, external specialists conduct threat tests to thoroughly examine internal cybersecurity measures, with the objective of identifying and eliminating weaknesses. This amounts to proactively employing hackers to find potential vulnerabilities that could be exploited by other hackers.
The results of these tests should be used to boost safety measures in the entire industry to a uniform and effective level.
Good Safety Technology Is Not Enough
The human factor is the most frequent source of cyber risks. That includes not only targeted cyberattacks aimed at disrupting production processes or stealing industrial secrets, but also disruptions that can arise from inattention. For safety-oriented systems, the usual cybersecurity rules are even more important because the SIS represents the last line of defence against a potential catastrophe. Protection against human penetration, whether intentional or unintentional, is therefore especially important. Consequently, a comprehensive security concept includes aspects such as specific access protection, physical safeguarding, or checking the plausibility of changes. Here technology can and must form the basis for taking the pressure off people.
It is also important to constantly be aware of possible means of manipulation. In this regard, safety-critical applications are fundamentally different from other industrial PLC or office applications. Considerable expertise is necessary to ensure security in safety applications. Consequently, maintaining and constantly refining security often poses a nearly insurmountable hurdle for plant operators. It is therefore advisable to draw on the services of experienced safety and security experts in order to jointly develop and implement effective concepts. Currently one of the major threats is “spear phishing” – the targeted spying out of access data for protected systems. Once employee passwords become known, launching a cyberattack is child’s play. Plant operators should engage all employees and encourage them to become familiar with cybersecurity and be part of an effective proactive defensive strategy.
Loss or damage that arises from the action of an employee should be considered a system issue. Such loss or damage should demonstrate the necessity to fill knowledge gaps and familiarise employees with threat scenarios, such as known social engineering strategies. Extensive programmes for security training and increasing employee awareness are thus an essential component of a proactive safety concept.