The potential for terrorist attacks on chemical plants, refineries and other process industries is drawing increased attention these days, both in terms of physical break-ins and electronic, network-based intrusions.
“After Sept. 11 got everybody’s attention focused, a lot of our customers decided that they really had to do something about this,” says Peter Zornio, director of product marketing for Honeywell Process Solutions, in Phoenix. Many companies added security to the job responsibilities of someone at their plants, says Zornio, while others created separate new, security positions.
As a major supplier of process control systems, as well as building security systems, Honeywell is well-positioned to address process industry concerns in this arena. And during a recent visit to Automation World offices, Zornio was asked about the state of the process industries’ security preparedness.
“We are spending a lot more time talking with our customers about what they’re doing in this area,” said Zornio. But process industry customers are not yet spending big dollars on new security solutions—of either the physical or the cyber variety, Zornio said. Instead, many companies are still trying to sort out where they stand, and how vulnerable they are, he noted, and they are taking advantage of Honeywell services for physical and cybersecurity risk assessments.
Zornio cited work by researchers at the British Columbia Institute of Technology showing that one of the worst vulnerabilities of process plants is the unsecured modem lines found in many facilities. These modems are typically installed with good intentions, as a way to enable remote equipment troubleshooting by vendors. But they are also highly insecure, because they bypass corporate firewalls, Zornio said.
“The biggest concern right now by far is not terrorists,” Zornio added. “It’s viruses. The thing that everybody in our customer base is worried about is how quickly they can get the latest patch from Microsoft certified by Honeywell and installed, to prevent viruses from coming in and taking over.” After viruses, vulnerability to cyber intrusions by computer hackers and terrorists ranks next on customers’ lists of concerns, followed by concerns over physical security issues, Zornio said.