In the past year, sophisticated cybersecurity attacks have demonstrated that a multitude of industries and organizations are at risk. Given the increased connectivity and associated risks, companies and plants from all industries must be aware of how each of their assets and actions impacts the security of their networks. Implementing advanced security technologies and practices is essential to a secure operation. For organizations with industrial control systems (ICSs), including those in the power generation and oil and gas industries, this is particularly critical.
While the control network is a top operational priority, processes are tightly tied to many interactions with other networks, which can be infiltrated by a significant breach in an external—or even internal—system. Field devices and pump systems, which are often distant from the central control systems, pose even more risks by increasing the overall attack surface. Process control networks represent higher-risk technologies simply because they can be highly coupled. Being highly coupled, or interconnected, increases the likelihood of a lower-level incident cascading into a higher-level event. As a result, cybersecurity measures must be designed to break down the coupling dependence so negative events become more manageable.
In the past, pumps did not pose a threat to the control network inside the plant because they interfaced with the physical world at "Level 0." Today, however, pipelines and pumps are just as digital as the computers within the plant. New portable field devices and sensors can monitor movement, corrosion and impact on pump systems, as well as transmit a large volume of data. With increased connectivity and data transmission, companies must not only manage the input from various field networks but also maintain secure processes across remote connections.
Any organization operating with multiple networks and various security requirements should prioritize the top two concerns—safety hazards and unplanned shutdowns—and determine best practices to prevent them, including assessing current posture, establishing centralized management and visibility, and increasing employee awareness.
Threats to Safe, Reliable Operations
Cybersecurity is primarily aimed at keeping process controls stable and preventing unanticipated changes. Cybersecurity incidents typically cause loss of view, control, operation or production, with different levels of consequence to an organization. The intersection of operational technology (OT) and information technology (IT) has improved efficiencies, but it has also posed greater risks.
In the IT world, hacking a computer is unlikely to cause physical harm to the recipient of the attack, but in the OT environment, manipulating industrial assets through digital channels can cause serious damage. When cyberattacks cause loss of view, loss of control, or denial or modification of control, operators are no longer able to manage their process control networks and their most critical assets effectively and safely. This could lead to an inability to turn pumps on or off or monitor the pressure, flow rate or chemical composition of the pumped medium. As a result, those assets become a safety hazard to the surrounding environment.
Similarly, loss of control over turbines or process equipment could have detrimental effects. In 2014, cyber attackers hacked the process control network of a German steel mill and caused an explosion in a blast furnace that resulted in massive damage.
OT security is fundamentally different from the traditional IT detection systems in existence today. Securing connected machines in the industrial sector involves a unique set of complexities that are very different from those of protecting a business datacenter.
While safety is the top priority when it comes to the most aggressive cyberthreats, another potential side effect of cyberbreaches is costly unplanned downtime. An oil and gas company, for example, calculated that the failure of one of its control system's human-machine interfaces (HMIs) and the resulting downtime of two days would cost the organization an estimated $12 million in lost production.
Field devices and pump systems transmit data to the organization through the control system network. Attackers bypass the most secure layers and identify more vulnerable areas of entry into the system. Security practitioners are less concerned about the number of attacks that come their way than they are about the attacker's persistence or the duration an attacker can stay on the network undetected.
The longer an attacker is on the network, the deeper he or she is able to infiltrate, send back data or cause significant damage.