Cyber Security In The Process Industry
25 July 2016
Costain’s Chris Southan, Chief Control and Instrumentation (C&I) Engineer in the company’s Natural Resources Division based in Manchester, spoke at the annual Humber Major Hazards Conference recently to discuss cyber security in the process industry.
Once the preserve of Hollywood films, cybercriminals are now scaling their technical capabilities so quickly that UK law enforcement and businesses are struggling to keep up. According to data from the National Crime Agency, there were 2.46 million "cyber incidents" last year.
Although the vast majority of these cyber incidents were business or fraud-related, attacks on Industrial Control Systems (ICS), which control physical processes within the resource extraction, process manufacturing and the utilities industries, are also at risk.
Major industries and critical national infrastructure are reliant on modern ICSs for their core operations. As the ICS controls physical processes, any attacks have the potential to cause economic losses and present risks to safety and the environment. A recent event disrupted the electrical supply to millions of customers.
“Industrial Control systems (ICS) are evolving from being proprietary ‘closed’ systems to ‘open’ systems integrated to business networks and the internet. This is driven by a need to make plant level data accessible to the business. Asset owners in the process industries must therefore ensure the integration of robust protective measures to defend their critical control and safety systems from external and internal attacks,” said Chris.
Chris’s presentation gave an overview of common vulnerabilities of industrial control systems which can occur if the correct design and procedural controls aren’t set in place. The presentation also discussed the industry drive towards the adoption of a regulatory framework based on cyber security standards, including IEC62443, the certification of products and competence requirements for ICS cyber security practitioners.
Chris highlighted Costain’s experiences together with areas where the company will be strengthening its offering to provide further support to Clients throughout the project lifecycle.
“ICS threats are exceeding the collective response of UK industry at this time and further action needs to be taken in order to avoid repeats of recent serious cyber-attacks. There is a need for process manufacturing industry operator asset owners, designers and product suppliers to react to these threats through increased collaboration between control systems and IT practitioners,” said Chris.
Chris gave his presentation at the HCF CATCH training facility in North East Lincolnshire. HCF CATCH Ltd is an industry led partnership supporting the process, energy, engineering and renewable industries in the Humber region.
Costain Communications Department