3 Areas of Concern in Cybersecurity
Determine the safety levels for your system.
Schneider Electric

For many years, pumps and pump applications were not necessarily viewed as critical applications. As a result, little or no communication capabilities were built into the systems. But the internet of things (IoT), combined with the ability to enhance pump system monitoring and performance, is changing this environment. 

IoT is quickly being adapted as the means to drive smart pumping applications. Whether in water/wastewater, oil and gas, mining, or even commercial buildings, pumps are often located where no one is available to monitor operations or quickly respond to performance issues. IoT functionality is being adapted to provide remote monitoring of these installations.

The use of IoT allows for closed loop data collection, transmission, data analysis and appropriate actions to be taken. It can also provide unlimited cloud storage, high-speed connectivity and analysis tools.

There are three areas of concern when it comes to cybersecurity. These are often referred to as the CIA triad—which stands for confidentiality, integrity and availability of data. The confidentiality of data is usually considered by information technologists to be the most important of these. This is because information technology (IT) departments typically deal with personally identifiable information (PII). With smart pumping applications, the importance of confidentiality is quickly overshadowed by the integrity and availability of data. From a safety perspective, data availability to and from the pump application might be considered the most important. That is, if data is no longer available due to an attack, such as a denial of service, the pump application may “lose” its intelligence. For any intelligent pumping application, safeguards should be built in for system protection.

Just as important is the integrity of the pump data. If the pump data were modified in transit or at rest, this would negatively affect the data’s integrity. As such, any data analysis or modifications to the pump parameters—whether made in real-time or deferred—would be questionable and could have dire consequences.

Cybersecurity compliance of products and solutions is being driven by three different groups:

  1. End users demanding compliance to cybersecurity standards for new orders 
  2. Industry regulations demanding compliance testing 
  3. Vendors differentiating themselves by certifying their products and solutions

One standard specifically targets the industrial automation control system (IACS). This standard is the International Electrotechnical Commission (IEC)-62443 suite of global standards. IEC-62443 focuses on all facets of the IACS products and solutions including product vendors, the end user or asset owner, and the system integrators or service organization.

In order to secure such systems, one could implement the IEC-62443 IACS security life cycle. This security life cycle standard offers a phased approach to cybersecurity and breaks down the life cycle into the following key phases:

  • assess
  • design and implement 
  • monitor and maintain

During the assessment phase, a high-level cybersecurity risk assessment is performed to identify areas at highest risk where risk is a function of the impact of an event and the probability such an event will occur. These events could be related to health/safety (loss of life), the environment (spill), fiscal (lost production or quality of product), reputation (tarnished image) or even public confidence (water contamination). The assessment phase includes grouping assets into different zones and conduits.

Each zone and conduit would be assessed to determine three security levels that include:

  • target security level (SL-T)
  • capability security level (SL-C)
  • achieved security level (SL-A)

Communication between zones occurs through conduits. Each zone and conduit are assessed separately to determine these security levels. In simple terms, the target security level is where the zone/conduit should be after assessing the system. The capability security level is the cybersecurity level the zone/conduit can achieve, and the achieved security level is the actual security level the zone/conduit achieves after implementing the appropriate cybersecurity controls.

Once a detailed assessment is made for each of the zones and conduits and the target security levels are assigned, it is time
to enter the design and implement phase. The following activities are a common part of this phase and are defined in
IEC-62443-3-2 and IEC-62443-3-3:

  • cybersecurity requirements specification
  • design and engineering of cybersecurity countermeasures
  • design and development of other means of risk reduction
  • installation, commissioning and validation of cybersecurity countermeasures

Two common examples that might become part of the design and implement phase are disaster recovery and patch management. Disaster recovery, in its simplest terms, is the process and procedures related to backing up configuration data, testing the backups and restoring those backups in the case of a disaster. Intelligent pump systems have baseline configuration data associated with their operation as well as data produced and consumed on a regular basis. It is imperative that this is backed up. The goal of disaster recovery is to experience as little downtime as possible and to recover from the corruption of data from attacks such as ransomware.

Requirements for patch management can be found in the IEC-62443-2-4, as well as detailed information for the installation of patches in the technical report IEC-TR62443-2-3.

Finally, the monitor and maintain phase is crucial to keeping good cybersecurity hygiene. This phase includes activities such as monitoring (IEC-62443-2-1) intelligent pumps for new firmware and/or software and managing those updates using the patch management system described. Other activities include responding to and recovering from incidents that occur. This incident response (IEC-62443-2-1) process can address something as benign as losing a hard drive on a system that records and monitors pump pressures to a cybersecurity attack.

Since this process is a life cycle, it does not end at the monitor and maintain phase. The cycle is repeated with the goal of improving cybersecurity maturity and getting as close to the defined target security levels as possible.  

Cybersecurity Goals

  • Recognize all IoT device risks—list all risks and educate all necessary parties of such risks.
  • Leverage standards to ensure IoT life cycle security—ensure compliance with relative industry standards.
  • Support industrial IoT (IIoT) cybersecurity initiatives—understand and support industry security efforts.
  • Address deployment and update risks—make sure all systems are properly installed and maintained.
  • Train key personnel in security—for example, ensure all design engineers understand and embrace security as a design priority.