In 1982, long before a cybersecurity threat to control system networks was widely recognised, a Trojan horse attack on control system software reportedly caused a huge explosion in a Siberian gas pipeline. Even now, many systems that have been retrofitted for compatibility with the Industrial Internet of Things (HoT) are not well protected.
Here, Robin Whitehead, strategic projects director at systems integrator and industrial networks expert Boulting Technology, explains the top considerations to ensure cybersecurity when retrofitting a system.
Connected devices have led to an increased value on data from real-time monitoring, as well as the creation of initiatives, such as the smart grid, digital oilfield and smart asset management in the water industry. However, these new technologies and applications have also led to a rise in potential security risks within a plant's network.
Because very few companies find themselves able to build a new facility from scratch, many plant managers and engineers are choosing to retrofit existing systems with smart sensors and communication packages to take full advantage of the benefits of IIoT.
Many systems such as motor control centres (MCCs) and programmable logic controllers (PLCs) have an expected lifespan of decades and were originally designed to operate in isolation during a time of low cyber-attack risk. Connected devices can create vulnerabilities if substantial security systems aren't in place.
Just one weak spot in a plant, such as an unprotected PLC can leave an entire network vulnerable to cyber-attack, especially as there are currently no regulations or clear rules about how these networks should be protected.
Research agency Gartner estimates that more than 20 per cent of enterprise security attacks will involve the internet of things (IoT) connections by 2020 and it is safe to assume that many of these attacks will use weak points such as improperly secured MCCs and PLCs to gain network access.
The Siberian pipeline attack is just one example of the devastating effects of control system vulnerabilities.
If a vulnerability is present, an insecure network can allow a threat such as a self-replicating...