Preventing physical damage from cyberattacks

All too often, security vulnerabilities are much closer to home, much simpler, and in some ways more concerning precisely because they can affect our everyday lives.

10/05/2018


Courtesy of Southland Industries

The term "cybersecurity" typically conjures up images of digital warfare between implacable hackers bent on world domination and stalwart IT defenders determined to protect critical national defense and financial systems. Of course, there is some truth to this. All too often, though, security vulnerabilities are much closer to home, much simpler, and in some ways more concerning precisely because they can affect our everyday lives.

The threat

Energy management and control systems (EMCS) are seldom top-of-mind for the general public. More than 99 percent of the population will have never heard the term. An EMCS is in some ways a glorified thermostat that ensures the conditions within a building remain comfortable. Normally, there is no cause to worry about it. But EMCS, and similar systems called supervisory control and data acquisition (SCADA), actively control equipment whose proper operation is fundamentally critical to functional buildings.

Any modern office building, school, hospital, data center, university or military facility is served by large, complicated mechanical systems that provide heating, cooling, and ventilation. Shutting down any of these mechanical systems threatens the function of the facility. A data center, for example, cannot operate without air conditioning for more than a few minutes. Sabotaging a building does not necessarily require attacking it directly; it can be as simple as shutting down a fan or a boiler at the right moment.

How we got here

Historically, EMCS security was never an issue. These systems existed out-of-sight, tucked away deep in boiler rooms, isolated from most other operations. Most of them had limited or no connections to the outside world and operated on their own proprietary networks, separate even from the standard ethernets of the IT world. This anonymity was in some ways their best defense, since the level of security designed into the systems themselves was often low, and little attention was given to the issue by system users.

In today's Internet-of-Things environment, where every device has an IP address and all systems could be connected to any laptop, the security of EMCS, SCADA and similar systems takes on much greater importance. Cyberattacks on industrial systems that control processes like electricity generation, refineries, data centers and gas pipelines are commonplace. In 2015, 295 attacks on such systems were reported to US authorities. By 2017, that number exceeded 1,000. Despite this, all major communication protocols for facility and industrial control systems are vulnerable. Some of them have no data security protocols whatsoever.

The problem is exacerbated by the fact that building and industrial engineers are not IT professionals or cybersecurity experts. Their focus is on ensuring the systems perform their intended tasks with security as a secondary concern. In many cases, specifying engineers, installers and building operators lack the awareness or training needed to ensure the security of these systems.

Ways to increase system security

Broadly speaking, the attacks these systems must be defended against fall into two categories: external and internal. External attacks will most likely originate from the Internet. For this reason, all Internet connections should be treated as potentially hostile and secured against intrusion. Several options can be explored:

  1. No connection - while obviously secure, this severely limits the functionality of modern systems, which need to exchange data with a host of other applications or need to be monitored / controlled from remote locations.
  2. Remote desktop application - this requires a dedicated software package running on a remote computer. While effective, this in turn creates another point of vulnerability at the remote computer itself, which must likewise be protected.
  3. Virtual Private Network (VPN) Firewall - similar to a remote desktop but with a more secure connection. The remote computer itself still requires protection.
  4. Dedicated EMCS / SCADA Web Server - rather than connecting an EMCS directly to the Internet, a separate server is placed behind a firewall and access to the server itself is restricted.

Any of these, or some combination of them, will improve a system's security. But all of them will prove useless if a hacker obtains authentication credentials from an end user. Guarding against this requires the same policies commonly found in IT departments that mandate strong, frequently changed passwords and active protection against probes such as phishing emails that try to lure users into disclosing their passwords. In addition, physically protecting the system components behind locked access is a must.
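
Option 4 above can be checked mechanically against a firewall's allow rules. The following is an added example, not part of the original article: every address, port, rule name and the audit() function are constructed for illustration. It flags any rule that reaches the EMCS network without passing through the dedicated web server, and any rule that leaves the web server itself unrestricted.

```python
import ipaddress as ip

# Constructed address plan (assumptions, not taken from the article)
EMCS_NET = ip.ip_network("10.20.0.0/24")       # building controllers
WEB_SERVER = ip.ip_network("192.0.2.10/32")    # dedicated EMCS / SCADA web server
ALLOWED_CLIENTS = [ip.ip_network("198.51.100.0/24")]  # networks approved to reach the server
WEB_PORT = 443                                 # only port the server should expose

# Constructed firewall allow rules: (name, source, destination, port)
RULES = [
    ("remote-ops-to-web", "198.51.100.0/24", "192.0.2.10/32", 443),
    ("web-to-emcs", "192.0.2.10/32", "10.20.0.0/24", 8443),
    ("vendor-rdp", "0.0.0.0/0", "10.20.0.15/32", 3389),
    ("any-to-web", "0.0.0.0/0", "192.0.2.10/32", 443),
    ("web-admin", "198.51.100.0/24", "192.0.2.10/32", 22),
]


def audit(rules):
    """Return (rule name, finding) pairs for rules that break the option 4 layout."""
    findings = []
    for name, src, dst, port in rules:
        src_net, dst_net = ip.ip_network(src), ip.ip_network(dst)
        # Only the web server may talk to the EMCS network.
        if dst_net.overlaps(EMCS_NET) and not src_net.subnet_of(WEB_SERVER):
            findings.append((name, "reaches EMCS without passing through the web server"))
        # Access to the web server itself must be restricted.
        if dst_net.overlaps(WEB_SERVER):
            if not any(src_net.subnet_of(c) for c in ALLOWED_CLIENTS):
                findings.append((name, "web server reachable from a non-approved source"))
            if port != WEB_PORT:
                findings.append((name, "web server exposed on an unexpected port"))
    return findings


if __name__ == "__main__":
    for rule_name, finding in audit(RULES):
        print(f"{rule_name}: {finding}")
```

A clean rule set produces no findings; the check covers network paths only and does not address the stolen-credential risk described above.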


Ken Robinson, director of operational excellence, Southland Industries. This article originally appeared on Southland's blog. Southland Industries is a CFE Media content partner.


