Last month, one of the most significant cybersecurity attacks for industry was revealed in reports from FireEye and Dragos, detailing the Triton/Trisis malware attack on a process facility in the Middle East that directly targeted a safety instrumented system (SIS).
HIMA, which specializes in safety-related automation systems for process industries, has long been an advocate for keeping safety and process control platforms separate and diverse in any process operation. In the aftermath of the professionally executed attack, which “again clearly shows that facility operators need to take the subject of cybersecurity very seriously,” HIMA reiterated its guidance on cybersecurity in safety-critical systems. It is important for facility operators to physically separate their process control systems and safety and security systems, implementing the requirements of the standards for functional safety and automation security (IEC 61511 and IEC 62443), HIMA contends.
The cyber attack represents a new dimension of cyber threats to critical infrastructure, and the incident should further expand awareness of the subject of cybersecurity in industry, said Alexander Horch, vice president of research, development and product management at HIMA, emphasizing the diligence required beyond the safety system itself. “Work processes and organizational deficiencies are by far the most common areas of vulnerability for successful cyberattacks,” he said. “System interfaces that remain open during operation and can be used to program the systems concerned, for example, give attackers a potential point of access. We urgently advise facility operators to not rely solely on cyber-safe components, but instead to establish a comprehensive security concept for their own facilities.”
In addition to keeping plants safe through automation products, HIMA supports plant engineers and operators in developing security concepts for the entire lifecycle. “For facility operators, it is important to constantly keep an eye on potential forms of manipulation,” said Heiko Schween, a security expert at HIMA. “In this regard, safety-critical applications are fundamentally different from other industrial PLC or office applications. Considerable expertise is necessary to ensure cybersecurity in safety applications.”
