Industrial Control Systems (ICS) are prone to cyber-attacks, and cyber defence measures usually focus on computers, IT networks and data highway, with ICS often a little-noticed gateway for attacks.
If these control systems are not secure, the process industry in particular, could face huge losses. Our experts at DEKRA advise systematic security assessments of vulnerabilities and implementation of protective barriers.
Cyber-attacks on ICS can result in accidents, the consequences of which extend far beyond financial losses. Aside from direct health hazards for staff and local residents, there is also the risk of long-term damage to the environment.
To prevent attacks via ICS, it is essential to go through the process plant and ask what happens if part of the process control system fails.
The plant operator should systematically assess the situation: Have all the weak spots been identified? Are the biggest consequences of accidents common knowledge? Are there security features in place that can prevent external access? Are there security barriers in place that function independently? Is the EHS business area well-equipped?
Plant operators do not need to be proficient in IT to consider cybersecurity in a plant PS context, but it is an ongoing problem that people wrongly assume otherwise. As an example, a cyber-attack could close valves and cause a vessel to become full or blocked; on high pressure, the vessel could rupture and explode. Simply making the valve beneath the pressure relief valve a manual one, that cannot be operated from the control system highway, will prevent a cyber-attack from putting people in danger.
Furthermore, the Health & Safety at work act requires “suitable and sufficient assessment of the risks”; it is therefore essential that all plants consider assessing cyber-attack risk and subsequent process control failure.
For those requiring support, our DEKRA Cyber SafePS solution has been designed to identify cybersecurity risk to a plant. Based on an analysis of the major accident hazards, the assessment evaluates the protective measures and barriers in place – the objective being to achieve cybersecurity via a series of systems and barriers that function independently of each other. DEKRA Cyber SafePS is implemented by industry experts from DEKRA UK.
Understanding how to prevent Major Accident Hazards with a robust cybersecurity will be discussed in an upcoming 3-hour ‘Cybersecurity in Process Plant Safety’ webinar with our process safety expert Clive de Salis on the 8th December 2020, as part of our DEKRA Process Safety Academy – Global Fast Track to support an accelerated path to understanding process safety fundamentals. To find out more and register please click the link below. We are offering a complimentary 30-minute consultation call and a guidance on a cyber security policy for anyone who joins the webinar.
Additional information on the importance of cybersecurity and the DEKRA Cyber SafePS solution can also be found via the link,