Cyber security: level of reality and expectation

The necessity to protect “our” vital digital infrastructure is high. In April 2020, the Dutch General Intelligence and Security Service published in its yearly report that more and more companies in the Dutch ‘top sectors’ have been hacked by Chinese and Iranian hackers. The Cyber Security Council published on the 29th of April that a lot of work remains to improve the cyber resilience of Industrial Automation & Control Systems (IACS). So, why is this an issue, and why does cyber resilience need to be improved?

The use of software-driven electronics in the vital infrastructure (IACS) is increasing. Think of PLCs, SCADA and DCS systems, but also lower-level sensors and actuators in plant controls. Process safety in these plants can clearly be affected if the software were to be negatively influenced. Dutch society must be able to rely on the safety and continuity of IACS, for example the operation of our sluices and bridges, energy and gas distribution, drinking water purification and distribution, and the processing of nuclear material. A disruption of any of these IACS could lead to major disruption for society. The need for more cyber resilience is here. From 2010 to 2017, over 20 cyber-attacks took place, ranging from malware infections and attacks on global oil companies to group espionage targeting the aviation and energy sectors.

How to digitally secure your IACS is, in fact, defined in IEC standards. IEC 61511-1 describes the link between safety and security and states that safety instrumented systems should also be analyzed for security vulnerability risks (clauses 8.2.4, 11.2.12, 11.8.6 and 12.4.2). IEC 61511 refers to IEC 62443 for the security risk assessment.

The term OT (Operational Technology, as opposed to IT, Information Technology) is often used for plant and process controls. OT has different needs and architectures from IT systems. OT needs to handle very small information packets rapidly from a very large number of sources with minimum overhead, whereas IT can afford the overhead of securing larger streams of information with handshakes (TCP), encryption or digital signatures.

Successfully interfering with an IACS is not easy without the technical expertise to penetrate the OT system (which differs somewhat from IT systems) and, in addition, sufficient knowledge of the processes that the IACS governs. One must know which commands will succeed and what result they will have. Thus, OT attackers must have sufficient knowledge of OT and IACS devices as well as of the processes they control.

The standards for cyber security

The IEC standard that specifically targets cyber-attacks on industrial automation and control systems is IEC 62443: Industrial communication networks - Network and system security. The entire standard actually comprises nine parts, but the interesting part is 3-3, System security requirements and security levels, which describes how to work with the four Security Levels (SL) the standard defines. Securing IACS is not easy, because it depends on the company's risk management. Each IACS may present a different risk to the organization depending on threat levels and likelihood of occurrence, and organizations may also have different tolerances of risk. The standard aims to define a set of engineering measures that guide an organization through assessing the risk of a particular IACS and identifying and applying security countermeasures to reduce that risk to tolerable levels.

This standard provides a basis for specifying security countermeasures by aligning the target security level (SL-T) identified in this standard with the required security level capabilities (SL-C) specified in IEC 62443-3-3. This is analogous to how we work with IEC 61508 and IEC 61511, especially the LOPA method described in the latter. IEC 61511 establishes SIL (safety integrity levels) 1 through 4 for SIS (Safety Instrumented Systems), whereas IEC 62443 Part 3-3 establishes SL (security levels) 1 through 4 for an IACS. Bilfinger Tebodin wants to analyze this and see whether a practical application can be made from a process safety standpoint.
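The SL-T versus SL-C alignment the two paragraphs above describe is, in practice, a gap analysis: the risk assessment yields a target level for a zone, and each component deployed there is checked against it. The script below is an added example written for this article, not code from the original post or from Bilfinger Tebodin. It expresses levels per foundational requirement (the seven FRs of IEC 62443-3-3, which the article does not list), and the zone, component names and level values are constructed sample data. The "weakest component" view of the achieved level is a first-pass simplification; compensating countermeasures at zone level are outside this example.

```python
"""Gap check between a zone's target security level (SL-T) and the
capability security levels (SL-C) of the components deployed in it.

Added illustration of the IEC 62443 approach; not code from the
original article. Sample zone and components are constructed.
"""
from dataclasses import dataclass, field

# The seven foundational requirements of IEC 62443-3-3. A security level
# is a vector with one value (0..4) per FR, not a single number.
FOUNDATIONAL_REQUIREMENTS = (
    "FR1_IAC",  # identification and authentication control
    "FR2_UC",   # use control
    "FR3_SI",   # system integrity
    "FR4_DC",   # data confidentiality
    "FR5_RDF",  # restricted data flow
    "FR6_TRE",  # timely response to events
    "FR7_RA",   # resource availability
)

SLVector = dict  # FR name -> level 0..4


def validate_vector(v: SLVector) -> None:
    """Reject vectors that omit an FR or use a level outside 0..4."""
    missing = set(FOUNDATIONAL_REQUIREMENTS) - set(v)
    if missing:
        raise ValueError(f"missing FRs: {sorted(missing)}")
    bad = {fr: lvl for fr, lvl in v.items() if not 0 <= lvl <= 4}
    if bad:
        raise ValueError(f"levels outside 0..4: {bad}")


@dataclass
class Component:
    name: str
    sl_c: SLVector  # capability level the product achieves per FR


@dataclass
class Zone:
    name: str
    sl_t: SLVector  # target level set by the organisation's risk assessment
    components: list = field(default_factory=list)


def sl_gaps(zone: Zone) -> dict:
    """Return {component: {FR: (sl_c, sl_t)}} for every FR where a
    component's capability falls short of the zone's target."""
    validate_vector(zone.sl_t)
    gaps = {}
    for comp in zone.components:
        validate_vector(comp.sl_c)
        short = {
            fr: (comp.sl_c[fr], zone.sl_t[fr])
            for fr in FOUNDATIONAL_REQUIREMENTS
            if comp.sl_c[fr] < zone.sl_t[fr]
        }
        if short:
            gaps[comp.name] = short
    return gaps


def zone_achieved_sl(zone: Zone) -> SLVector:
    """First-pass achieved level per FR: bounded by the least capable
    component in the zone (compensating zone-level measures ignored)."""
    if not zone.components:
        return {fr: 0 for fr in FOUNDATIONAL_REQUIREMENTS}
    return {
        fr: min(c.sl_c[fr] for c in zone.components)
        for fr in FOUNDATIONAL_REQUIREMENTS
    }


def _vec(*levels: int) -> SLVector:
    return dict(zip(FOUNDATIONAL_REQUIREMENTS, levels))


# Constructed sample: a safety-related control zone whose risk assessment
# asks for SL 2 on most FRs and SL 3 on integrity and availability.
SAMPLE_ZONE = Zone(
    name="Zone A - sluice control (constructed example)",
    sl_t=_vec(2, 2, 3, 1, 2, 2, 3),
    components=[
        Component("PLC-01", _vec(2, 2, 3, 1, 2, 2, 3)),
        Component("HMI-01", _vec(2, 1, 2, 1, 2, 2, 3)),
        Component("RIO-01", _vec(1, 1, 3, 0, 2, 1, 3)),
    ],
)

if __name__ == "__main__":
    for comp, short in sl_gaps(SAMPLE_ZONE).items():
        for fr, (have, need) in short.items():
            print(f"{comp}: {fr} SL-C {have} < SL-T {need}")
    print("achieved per FR:", zone_achieved_sl(SAMPLE_ZONE))
```

Running it lists, per component, each FR where SL-C is below SL-T (here HMI-01 on use control and integrity, RIO-01 on four FRs) and the resulting achieved vector for the zone; those rows are the countermeasure backlog the article's risk-based process is meant to produce.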

How is Bilfinger Tebodin related to cyber security?

As IEC 62443 states, a risk assessment should be carried out to determine what level of safety and security is necessary. Bilfinger Tebodin has experience with risk assessment focused not only on process safety but on cyber security as well. Bilfinger Tebodin engineers, as well as Bilfinger group companies, have good knowledge and understanding of identifying and applying security countermeasures for IACS.

Author: Willem Verkerk