Showing posts with label cybersecurity. Show all posts
Showing posts with label cybersecurity. Show all posts

Defending Industrial Control Systems From Cyber Attack

cybersecurity for industrial control systems
Cybersecurity is now a design element of all industrial
control systems
Industrial control system owners, operators, and other stakeholders should be aware of their exposure to malicious intrusion and attack by individuals or organizations intent on inflicting physical damage, stealing information, or generally wreaking havoc throughout an industrial operation. The risk of intrusion, regardless of the size or type of facility, is real and deserves the focused attention everyone involved in the design and operation of industrial control systems.

The National Cybersecurity and Communications Integration Center, part of the US Department of Homeland Security, ...
serves as a central location where a diverse set of partners involved in cybersecurity and communications protection coordinate and synchronize their efforts. NCCIC's partners include other government agencies, the private sector, and international entities. Working closely with its partners, NCCIC analyzes cybersecurity and communications information, shares timely and actionable information, and coordinates response, mitigation and recovery efforts. (from www.us-cert.gov/nccic)
The NCCIC has published a set of seven basic steps toward establishing a more secure industrial control system. I have included the publication below, and it is interesting and useful reading for all involved in industrial process control.

Having a fence around an industrial site, with a guarded entry gate, no longer provides the level of security needed for any industrial operation. Read the seven steps. Take other actions to build your knowledge and understanding of the risks and vulnerabilities. Cybersecurity is now another layer of design tenets and procedures that must be added to every control system. It will be a part of your company's best practices and success, now and in the future.

There are uncountable legacy controllers and communications devices throughout industrial America. All need to be reassessed for their vulnerability in the current and upcoming security environment. When reviewing your processes and equipment, do not hesitate to contact Miller Energy for assistance in your evaluation of our products.



LOGIIC - Cybersecurity Confederation for Industry Video

oil refinery with tanker ship
Oil Refinery
In response to the challenges presented by malicious or mischievous cyber operatives, a number of organizations joined together to collaborate in the design, testing, and implementation of tools and techniques to protect critical industrial systems on a global scale. LOGIIC (Linking Oil and Gas Industry to Improve Cybersecurity), as its name implies, focuses on the oil and gas industry. We should all know, however, that a substantial portion of the automation and process control devices we regularly utilize throughout many industries today were originally developed in the oil and gas industry, where the operational scale and risk level are sufficiently high to justify the costs of developing new technology, methods, and equipment.

LOGIIC participants include the Automation Federation, which brings the resources of world class device and software manufacturers to bear on cybersecurity issues of the day. The Cyber Security Division of the Science & Technology Directorate in the US Department of Homeland Security is also involved. Currently, five major oil companies are members.

Since its inception, LOGIIC has successfully completed eight major projects, with plans for many more. Upon completion of selected projects, LOGIIC delivers public reports to help elevate best practices across the entire industry. Both the member companies and the government are putting funds towards these projects which benefits not only the private sector, but also the public interest. Companies are applying the results within their organizations, because it helps bridge the gap between information technology and the industrial-environment sides of the organization.

LOGIIC is an organization that conducts activities and disseminates information that can be useful throughout your own organization and that of your customers and suppliers in the industrial process control field. Below is a video highlighting the organization and its work.

Industrial Control Systems Present Unique Cybersecurity Challenges

industrial control system cybersecurity
Industrial control systems have unique
cybersecurity challenges.
The International Society of Automation is offering a free white paper entitled “What Executives Need to Know About Industrial Control Systems Cybersecurity”. The article provides useful commentary and information that establishes the scope of cybersecurity in the industrial process control space and provides a basic framework for understanding how every process may be impacted by lax cybersecurity efforts. The author, Joseph Weiss, differentiates Industrial Control System (ICS) cybersecurity from that of organizational IT through a review of various attributes common to both types, including message confidentiality, integrity, time criticality, and more. Any reader’s awareness and understanding of the cybersecurity risks to their operation will be enhanced through this article. I finished reading the article wanting more on the subject, and ISA is certainly a resource for additional content.

A quote from the article...
“Cyber incidents have been defined by the US National Institute of Standards and Technology (NIST) as occurrences that jeopardize the confidentiality, integrity, or availability (CIA) of an information system.”
ICS cybersecurity extends beyond preventing malicious outside intruders from gaining access. It is an important part of maintaining the overall operating integrity of industrial processes. A holistic approach is advocated to identify physical risk factors to the process and its componentry (previous article on device protection), as well as vulnerabilities that may prevent exploitation by unauthorized parties. Weiss goes on to describe the role and qualifications of the ICS Cybersecurity Expert, essentially an individual that can function effectively as an IT cybersecurity tech with the added skills of an industrial control systems expert.

A synopsis of attack events is provided in the article, with the author’s conclusion that not enough is being done to secure industrial control systems and the risk exposure is substantial in terms of potential threats to personnel, environment, and economy. By providing your name and email address, you can obtain the white paper from the ISA website. Your time spent obtaining and reading the article will be well spent.

For any specific information or recommendations regarding our products and cybersecurity, do not hesitate to contact us directly. We welcome any opportunity to help our customers meet their process control challenges.