Checklist: Is Your Plant Cybersecure?

Cyberattacks against industrial plants are now meticulously planned ahead, well-funded, and specifically tailored to their target. How do plant operators recognize whether their own systems are cybersecure?

A news story that caused concern at the end of 2017: Criminals were able to successfully hack a safety controller for the first time. As a result, the affected process plant had to be shut down. This was a shock, as many plant operators believe that their safety controller prevents such scenarios. However, cybersecurity is about more than just technology.

Determining whether a plant complies with the latest standards requires precise analysis. Nonetheless, the following questions can provide initial advice on this topic. Plant operators that answer one or more of these questions with “no” or “I don’t know” should seek immediate advice.

Checklist: Five Criteria for Cybersecurity

  • Are the distributed control system and the safety system separated from one another?
    If an error occurs in the distributed control system, it must not affect the safety system. Both systems should be physically separated and also be operated by different personnel. Separated network layers with defined transitions – known as conduits – are required between these systems in accordance with the standard IEC 62443.
  • Does the safety system use a proprietary operating system?
    Both open and commonly used operating systems, such as UNIX, are more vulnerable than proprietary developments for a simple reason: they are better known. Attackers have been able to identify and exploit weaknesses in them for years.
  • Is communication continuously secured?
    As well as the controller itself, data transmission must also be protected. This applies to communications between the distributed control system and safety controller but is also valid for exchanging data between field devices. This requires specialized protocols. Logically separating the processor – and thereby the processing of safety applications – from communication is important. This ensures cybersafe plant operation, even if the external communication is attacked.
  • Does the programming environment contribute to risk reduction?
    Whether it’s an incorrect configuration or an interface that hasn’t been closed, negligence and targeted manipulation can lead to safety-critical incidents. An engineering environment that eliminates many sources of error from the outset can reduce risk. This could be by using closed, certified function blocks or verifying changes with checksums, for example.
  • Do employees fully understand cybersecurity?
    “A chain is only as strong as its weakest link” – with regard to cybersecurity, this saying is more than just empty words. Every employee – not just those who work with safety-critical systems – must be well-versed in IT security. This begins with seemingly simple tasks, such as creating a secure password and adhering to strict standards of confidentiality. Employees also have to know and understand typical cyberattack methods, so they can avoid becoming a victim of social engineering, for example.

Clearly, the abovementioned criteria do not cover all considerations. They are to be seen more as a foundation for safe plant operation in times of industrial interconnectivity. Detailed analysis and specific recommended actions are provided by HIMA consulting services.