Distributed control systems (DCSs) are commonplace in continuous processing, particularly in the oil and gas and chemical industries where they’re used to control several machines or processes at the same time. This differs from PLCs (programmable logic controllers), as a PLC is typically used to control just one machine.
Open systems. “Open protocol networks are a historical hallmark of distributed control systems and are usually considered a huge benefit,” said Mirth. “But the additional avenues of risk associated with online, connected control systems may leave producers more vulnerable. The Zone and Conduit model can help mitigate the threat and keep critical assets segmented from most vulnerable areas. Managed firewalls are another important part of protecting open systems.
Evolving workforce. “The people who have access to your plant and systems are an important piece of the overall cybersecurity puzzle,” said Mirth. “Breaches can be caused by innocent mistakes as well as those with nefarious intentions.” To address this, Mirth said to ask yourself: Do you know who manages user accounts and system access for your company? Also, are there any accounts that have remained active and unused for years? Adhering to international standards, such as the ANSI/ISA-62443-3-3 standard, and managing your users as part of a cybersecurity strategy can help mitigate this risk, Mirth added.
Unknown ROI. Too often, companies view cybersecurity as an expense with an unidentifiable ROI (return on investment). Mirth said that, with cybersecurity or any risk mitigation initiative, “it’s less about how much money the company will make and more about what you don’t want to lose. With a proper risk assessment, vulnerabilities, risks, and mitigation strategies can be evaluated and allow producers to answer questions such as: What risk are we willing to accept? What will it cost to make the changes needed to feel comfortable in our risk posture?” Mirth said it may not be as expensive as you think to make changes, and the opportunity cost for not protecting your systems is too great to pass up implementing even some simple measures.
Finally, Mirth pointed out that it is necessary for industrial companies to realize that having an evolving plan will be needed to properly secure your DCS. That’s why it’s important to recognize the criticality of the cybersecurity challenges he cited and to “select a plan that keeps enhanced overall security, flexibility, and digital transformation in mind and won’t trap you from making the progress you need to run your business.”