Print this article
- 05/31/2018

Cyber Security in Cyberspace: the System Security Challenge

Chimica Oggi-Chemistry Today

E-mail, the Internet and GPS are things which we now take for granted. The smartphone has only been around for ten years, but it is hard to imagine life without it. The world is now a faster place. Information can be sent and received in real time. High-speed communications are available anytime, anywhere around the world.

However, this new and exciting world also has its downsides. Inadequate network security allows unauthorized access to confidential and personal information by third parties.

What is happening on open WLANs at train stations and in Facebook’s privacy settings is applicable to industry as well where optimal interaction between humans, machines and IT systems is receiving greater emphasis. There is also an increasing need for individualized products. To be ready for the impending changes, companies have to take a fresh look at their production and logistics flows and restructure their operations. The magic word here is Industry 4.0. “Cyber-physical production systems” will control and monitor new production processes.

The term “cyber-physical production systems” refers to tight integration between real (physical) process flows and information processing. Global information networks with always-available connectivity provide the basis. The physical processes consist of embedded systems which exist in a technical environment. The virtual processes are data, information and services which can be made available on the information network.

The BMBF (Ministry of Research and Education) Industrie 4.0 project envisages machines which communicate with each other, inform each other about faults in the production process, identify material shortages and reorder materials. Without that, there is no intelligent factory. Internet-driven process digitalization leads to convergence of the real and virtual worlds, creating the Internet of Things. It establishes interconnectivity between the individual process steps and provides external access to the production systems.

New technology = new security risks?

A security strategy, which includes all of the measures needed to protect the system, must be defined prior to system commissioning. The goal is to identify and assess risks and take appropriate measures to minimize the likelihood of incidents occurring.

The main purpose of process control technology is to monitor and control process flows. PCT safety systems are protection mechanisms which trigger an alarm or activate safety functions when a deviation from the nominal operating state is detected. The task of the safety system is to avoid faults in the process. Particularly in the chemical industry, deviations in reaction temperature, pressure and fill level can have disastrous consequences. That makes it all the more important to detect deviations early and avoid them wherever possible.

Hazards and damage can come from many sources. In explosion hazard zones, the ignition of the air-gas or air-dust mixture and cause an explosion. Excess pressure can cause leaks.

Safety at chemical plants has top priority, and the requirements are defined in regulations and standards. IEC 61508/61551 forms the basis for the functional safety standard which applies to safety systems and equipment. The term “functional safety” refers to protection against hazards and damage provided under the correct, safety-related control of a safety system.

In the chemical industry in recent years, production system technology along with equipment and machine technology has continued to evolve. Acquisition, retrieval and transfer of large data volumes are now feasible without problems. Data, networks and design drawings are available for access, and information can be shared with experts over large distances. Tablets and smartphones can be used for system monitoring, making system surveillance, machine testing and repair & maintenance far easier. Unauthorized access to an Industrial Automation Control System (IACS) to gain control of an entire production line can result in very costly stoppages and equipment damage.

Cyber Security – Security for Safety

The chemical industry is reacting to the changes which are taking place. Given the increasing IT security threats, IT teams are looking at whether and to what extent the integrity of PCT safety systems could be at risk. Chemical plants need to develop a defense strategy. Functional safety on automation systems makes it possible to protect equipment and systems and prevent human health risks and environmental hazards.

The three main IT security protection goals are confidentiality, integrity and availability. The goal of the cyber security teams is secure, reliable automated data exchange between network-connected production systems along with protection of products and systems.

PCT safety systems are used in the chemical industry to prevent damage or injury to workers, the environment and equipment. They are built around components such as sensors, actuators and programmable controllers. These elements can be the target of cyber attacks. Because systems used to configure sensors and actuators directly affect the safety function, data links with local systems must be protected. Directory services for user access control, update services for virus patterns and operating systems, time synchronization and back-up and restore services are key elements which must be included in risk analysis and in the system documentation. A small modification in the system can result in the failure of PCT protection, putting plant safety at risk.

Minimizing the number of components in a PCT safety system reduces the need for protective measures. An effective way of providing protection is to minimize the number of interfaces, hardware and software components and humans involved.


More details on