We use functional cookies for a number of reasons, such as keeping the Costain website reliable and secure and to analyse how our site is being used.
Will you accept our use of non-essential cookies?

Yes No Privacy Notice

Cyber Security In The Process Industry

25 July 2016

Costain’s Chris Southan, Chief Control and Instrumentation (C&I) Engineer in the company’s Natural Resources Division based in Manchester, spoke at the annual Humber Major Hazards Conference recently to discuss cyber security in the process industry.

Once the preserve of Hollywood films, cybercriminals are now scaling their technical capabilities so quickly that UK law enforcement and businesses are struggling to keep up. According to data from the National Crime Agency, there were 2.46 million "cyber incidents" last year.

Although the vast majority of these cyber incidents were business or fraud-related, attacks on Industrial Control Systems (ICS), which control physical processes within the resource extraction, process manufacturing and the utilities industries, are also at risk.

Major industries and critical national infrastructure are reliant on modern ICSs for their core operations. As the ICS controls physical processes, any attacks have the potential to cause economic losses and present risks to safety and the environment. A recent event disrupted the electrical supply to millions of customers.

“Industrial Control systems (ICS) are evolving from being proprietary ‘closed’ systems to ‘open’ systems integrated to business networks and the internet. This is driven by a need to make plant level data accessible to the business. Asset owners in the process industries must therefore ensure the integration of robust protective measures to defend their critical control and safety systems from external and internal attacks,” said Chris.

Chris’s presentation gave an overview of common vulnerabilities of industrial control systems which can occur if the correct design and procedural controls aren’t set in place. The presentation also discussed the industry drive towards the adoption of a regulatory framework based on cyber security standards, including IEC62443, the certification of products and competence requirements for ICS cyber security practitioners.

Chris highlighted Costain’s experiences together with areas where the company will be strengthening its offering to provide further support to Clients throughout the project lifecycle.

“ICS threats are exceeding the collective response of UK industry at this time and further action needs to be taken in order to avoid repeats of recent serious cyber-attacks. There is a need for process manufacturing industry operator asset owners, designers and product suppliers to react to these threats through increased collaboration between control systems and IT practitioners,” said Chris.

Chris gave his presentation at the HCF CATCH training facility in North East Lincolnshire. HCF CATCH Ltd is an industry led partnership supporting the process, energy, engineering and renewable industries in the Humber region.


Media Enquiries
Costain Communications Department
01628 842585
[email protected]