HIMA, a global independent vendor of smart safety solutions for the process industry, has announced to provide expert consulting on cybersecurity in safety-critical systems
In late 2017, the ICS cybersecurity specialist Dragos announced that a safety controller (SIS) of a HIMA competitor in a process facility in the Middle East had been targeted by a new malware attack and it was successfully hacked. The professional execution of the attack shows that facility operators need to take the subject of cybersecurity very seriously.
The cyberattack represents a new dimension of cyberthreats to critical infrastructure. According to current knowledge, it was specifically planned and designed to target the SIS of a particular manufacturer. This sort of attack on a SIS is very sophisticated and possible with significant effort.
Dr Alexander Horch, vice-president for research, development and product management at HIMA, said, “The incident with our competitor should serve as a wake-up call for all of us and further enhance awareness of the subject of cybersecurity in the industry. Work processes and organisational deficiencies are by far the most common areas of vulnerability for successful cyberattacks. System interfaces that remain open during operation and can be used to programme the systems concerned, for example, give attackers a potential point of access. We urgently advise facility operators to not rely solely on cybersafe components, but instead to establish a comprehensive security concept for their own facilities.”
To achieve maximum safety and security, facility operators need to implement the requirements of the standards for functional safety and automation security (IEC 61511 and IEC 62443) for physical separation between process control systems and safety and security systems.
“In this regard, safety-critical applications are fundamentally different from other industrial PLC or Office applications. Considerable expertise is necessary to ensure cybersecurity in safety applications. Maintaining and constantly refining security often poses a challenge to facility operators. It is therefore advisable to draw on the services of experienced safety and security experts in order to jointly develop and implement effective concepts”, said Heiko Schween, a security expert at HIMA.