InTech

SEP-OCT 2017

Issue link: http://intechdigitalxp.isa.org/i/882230

Contents of this Issue

Navigation

Page 31 of 57

32 INTECH SEPTEMBER/OCTOBER 2017 WWW.ISA.ORG SPECIAL SECTION: CYBERSECURITY l discovery of new natural resources, such as new oil reserves l investments in human and physical capital, such as factories l population growth l advancements in technology Each of these contributors, both in- dividually and in combination, have driven explosive economic growth as well as significant improvements in quality of life in the U.S. and the rest of the world. Technological advances, and more specifically, productivity improve- ments delivered by advances in process automation technology, have had a key role in this economic growth. Process automation and the digital revolution have replaced human labor, signifi- cantly improved process reliability and quality, and dramatically lowered costs. They have also greatly improved process safety and environmental protection in highly hazardous process industries, such as oil and gas, refining, and petro- chemicals. However, the great improve- ments in process automation have not been without technological challenges. Historical ICS challenges Although the first mention of feedback control dates back to a water clock in Greece in 270 BCE, modern industrial automation systems first appeared in the late 19th century. The evolution of industrial automation, which began with pneumatic damper controls, launched an era of productivity improvements that continues today. Automation systems have continued to evolve over the years. The latest gen - eration of connected automation tech- nologies has driven a wave of Internet of Things (IoT) and Industrial IoT (IIoT). IoT and IIoT are taking our factories to ever higher productivity levels, driving our automobiles autonomously, and bringing even better health management by monitoring blood sugar levels in real time. However, proliferating automation also has a downside. In 1975, Honeywell and Yokogawa introduced the first distributed control systems (DCSs), with other vendors fol - lowing shortly thereafter. Most plants quickly embraced these systems, de- ploying control systems from a variety of vendors to meet a host of process automation needs. Over time, many facilities adopted 30 or more different vendor systems and applications. Unlike the open, standards-based IT systems we see today, each ICS has its own proprietary hardware and soft- ware. With no standardized protocols for automatically gathering proprietary ICS inventory data, it is difficult to track critical security configuration data, such as firmware, installed software, and control logic. The highly propri- etary and heterogenous nature of ICSs hinder efforts to gather and maintain a holistic enterprise view of the ICS net- work, devices, and configuration. The flexibility of DCSs enables con- tinuous improvement and optimiza- tion of industrial processes. This in turn increases productivity and profitability. However, control system flexibility has not always brought positive outcomes. Mistakes made by humans have caused safety incidents and lost production since the advent of the systems. Industrial systems perform deter- ministic tasks with a high degree of availability and integrity over a life cycle of many years. Many ICSs in operation today were built 10, 20, or even 30 years ago. Ten- to 20-year life cycles are the rule, not the exception. This means that most ICSs installed in plants today were not designed with cybersecurity in mind. New challenge The rapid proliferation of IoT and IIoT, enabled by increasingly affordable sen- sors, more and more powerful com- puters, and ubiquitous connectivity, has transformed the way we live today. The automation revolution allows us to monitor our homes remotely, correct poor driving behavior, and squeeze more out of a gallon of crude oil. How- ever, the systems behind these advanc- es are vulnerable to cyberattack. ICSs pose cybersecurity risks at a to- tally different level than IT or IoT sys- tems. ICSs are vital to every nation's critical infrastructure, and threat actors know this. Over the past few years, al- most every industry has had a prolifer- ation of cyberattacks that reach beyond IT and into OT. Recent cyberattacks on production facilities and power grids demonstrate that exposed ICSs are ap- pealing targets for bad actors. Cybersecurity vulnerability aware- ness and mitigation technologies for IT systems have been in place since the mid-1990s, but ICS cybersecurity technology is still in the early stages of adoption. Today, IT security limita- tions, rapidly increasing ICS connectiv- ity, an expanding threat landscape, and difficulty discerning between inadver- tent human errors and cyberattacks make defending ICSs very difficult. IT and OT Effectively meeting ICS cybersecurity challenges begins by recognizing that OT is uniquely different from IT. IT systems manage digital bits of infor- mation. OT systems drive production by monitoring and directly controlling physical devices, such as circuit break - ers at power stations that distribute electricity and the valves and compres- sors at refineries that produce gasoline. While attackers focusing on enterprise IT seek to steal or deny access to infor- mation, attackers of OT focus on taking control of physical devices to interrupt production or cause safety incidents. When connectivity between IT and OT systems began to emerge about two decades ago, there were few concerns about cybersecurity within the OT lay- ers. Cybersecurity only became a prior- ity within the process and power indus- tries after the discovery of Stuxnet. The rapid proliferation of IoT and IIoT, enabled by increasingly affordable sensors, more and more powerful computers, and ubiquitous connectivity, has transformed the way we live today.

Articles in this issue

Links on this page

Archives of this issue

view archives of InTech - SEP-OCT 2017