Since the Stuxnet strike hit the headlines back in 2010, the security of industrial control systems has been called into question. Motivation for an attack can range from the relatively unsophisticated revenge attempts of a disgruntled employee, to a calculated act of cyber sabotage implemented by a warring nation against the critical infrastructure of a rival. In these latter cases, the skill and ingenuity of the ‘black hat’ programmers is formidable enough to leave any defence vulnerable. A situation compounded by the increasing levels of interconnectedness that characterise the IIoT era, along with its call for more ‘open’ system interfaces.
The Stuxnet worm, and those which followed, targeted the plant control systems. Now, it seems, the threat has evolved even further. Cybersecurity specialists, FireEye, recently reported on an attempted malware attack at a petrochemical plant in the Middle East, which targeted the facility’s safety systems.
According to the post https://tinyurl.com/ydfrjpme, the hostile malware is a framework called Triton, designed to interact with the SIS platform. Details on how the hackers gained access to the system are sketchy, but it is believed this was remotely done through an SIS workstation. Once the system had been breached, an attempt was then made to reprogram the SIS controllers.
As it turns out this was a mistake. Thanks to a security measure implanted in many controllers after the Stuxnet incident, the SIS system entered a fail-safe state when the application code between redundant units did not stand up to a validation check. The result was a safe shutdown of the plant with no damage to either personnel or equipment, but it did prompt the asset owner to initiate an enquiry.
After piecing together the evidence, FireEye investigators concluded that preparation of Triton would have required substantial cybersecurity and engineering expertise. Since there was no apparent monetary goal, and the target was a critical infrastructure operator, they concluded that the most likely ‘threat actor’ was a rival nation state.
Whether the threat is from a rival nation or a disgruntled employee is not the point, the scary part is that safety systems as a class just became targets for a cyber attack. Paradoxically, what made them vulnerable are the very features demanded by end-users these days – remote accessibility and configuration.
Will cybersecurity turn out to be the stumbling block of the Fourth Industrial Revolution? It’s too early to say. What we do know is that in the consumer sector it did not stop the banks from successfully putting their businesses online. Admittedly the risks are different, but the consequences are every bit as disastrous to the brand.
What the banks did not do was go digital all at once in a ‘big bang’ approach. Perhaps industry can learn from this: when it comes to critical infrastructure, do not put everything online just because you can. First, evaluate the business case through a comprehensive SWOT analysis. If it turns out that the rewards far outweigh the risks, and the risks are manageable, then there is a strong case for going digital. Most importantly, follow the advice of the equipment supplier when it comes to cybersecurity best practices, which, it seems, was not done to the letter at the plant described above. Nick Denbow has more on the Triton story in this month’s European Report. See ‘(Process plants as weapons of war’).
Wonderware X-Change 2018
While on the topic of following the advice of your equipment supplier, this year’s Wonderware Southern Africa annual user conference – X-Change – returns to the picturesque Champagne Sports Resort in the Drakensberg. The 2018 event will address the recent addition of Schneider Electric Software solutions to the organisational portfolio. Under the theme ‘Define your game plan for digital transformation’, the conference aims to show delegates how digital technologies can be used to enable operational and business goals. For any organisation that needs to improve its overall productivity through better insight across its value chains, the Champagne Sports Resort looks well worth a visit from 15-18 April. See ‘(Define your game plan for digital transformation at X-Change 2018’)
Steven Meyer
Editor: SA Instrumentation & Control
| Tel: | +27 11 543 5800 |
| Email: | [email protected] |
| www: | www.technews.co.za |
| Articles: | More information and articles about Technews Publishing (SA Instrumentation & Control) |
© Technews Publishing (Pty) Ltd | All Rights Reserved
printer friendly version