Eastman Chemicals, one of the world’s largest chemical companies, recently decided to strengthen their information security and reliability, as well as develop a path forward to lower software maintenance costs. This Case Study shows how Eastman achieved their goals by globally standardizing on Bentley's ProjectWise software in order to replace an aging, but critical, in-house records management system. The ProjectWise solution has enabled Eastman to significantly reduce their IT costs, and is helping them achieve greater security of their vital plant information while providing a modern data-centric environment to move beyond engineering records into asset performance improvement.04/14/2015
In the decade before Stuxnet attacked process control systems in Iran, there were just five known supervisory control and data acquisition (SCADA) vulnerabilities for all control systems in the world, according to the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). In 2011, the year after Stuxnet, that vulnerability count jumped to more than 215. Last year, it reached 248 (Figure 1). No surprise then that Chemical makers are increasingly focusing on protecting their process control systems from intrusion both from the inside and outside. In this Chemical Processing Special Report: Secure plan(t), we take a look at:
- How to better protect your control system - “Defense in depth” is crucial, and new and maturing technologies may help
- Cyber Security Challenges – learn about countermeasures to protect control systems
- Case Study: A vulnerability assessment reveals critical gaps in the security of a natural gas pipeline
- How to mitigate security risks in legacy process control systems - several steps can help protect against threats and extend the life of legacy equipment
Patching process control system software to remove security vulnerabilities is fraught with risk. System issues can be the result of installing a patch, but a system is also vulnerable without patching. Fortunately, virtual patching can improve the process and raise the system’s security at the same time.09/21/2012
As companies and industries increasingly rely on technology, security risks become greater. With growing numbers of Windows machines and increased scarcity of skilled technical resources, a “perfect storm” of cyber threats in production facilities is looming.09/21/2012
As the security threat landscape continues to evolve, so must your response. With increasing numbers of attempted intrusions, cautionary tales of security breaches and the potential for resulting damages at your site, application whitelisting can be an important addition to your security arsenal.09/21/2012
As the Department of Homeland Security (DHS) moves forward with the Chemical Facility Anti-Terrorism Standards (CFATS), the program continues to evolve. This white paper describes the ongoing CFATS compliance process (which is a combination of technical, procedural, and personnel security) and also provides insight regarding how to develop or revise a comprehensive Site Security Plan (SSP) and prepare for a CFATS Authorization Inspection (AI). Recommendations are relevant to SSPs for all tier levels and should be considered for a facility's initial SSP submission and/or any required SSP resubmission. Download this white paper now: Tips for Inspection and Resubmission.07/25/2012
The past two years have been a real wakeup call for the industrial automation industry. For the first time ever it has been the target of sophisticated cyber attacks like Stuxnet, Night Dragon and Duqu.
In addition, an unprecedented number of security vulnerabilities have been exposed in industrial control products and regulatory agencies are demanding compliance to complex and confusing regulations. Cyber security has quickly become a serious issue for professionals in the process and critical infrastructure industries.
If you are a process control engineer, an IT professional in a company with an automation division, or a business manager responsible for safety or security, you may be wondering how your organization can get moving on more robust cyber security practices.
In order to provide you with guidance in this area, Tofino Security and exida Consulting LLC have condensed material from numerous industry standards and best practice documents. They also combined experience in assessing the security of dozens of industrial control systems.
The result is an easy-to-follow 7-step process.02/28/2012
Remain informed about adjustments to MTSA and learn how the program continues to evolve. This paper provides regulatory updates on the current state of MTSA and information about Transportation Worker Identification Credential (TWIC). Find out about new challenges, such as harmonization with Chemical Facility Anti-Terrorism Standards (CFATS). The paper also covers the current discussion among industry and government officials regarding the differences associated with the MTSA and CFATS programs, including ways to coordinate chemical security regulations. Learn about TWIC reader pilot program updates, as well as practical tips for compliance. Download MTSA Tips & Updates Paper01/11/2012
Working on your Site Security Plan (SSP)? The next stage in the Chemical Facility Anti-Terrorism Standards (CFATS) compliance process requires covered facilities to submit a SSP. Given the importance of the SSP, covered facilities should address a number of factors while they complete this step in the CFATS regulation. Download this complimentary whitepaper now: Ten Tips for Completing your SSP.03/10/2010
David A. Moore, PE, CSP, president and CEO of AcuTech Consulting Group, testified at a June 2006 hearing on Inherently Safer Technology in the Context of Chemical Site Security at The Senate Environment and Public Works Committee01/11/2010
The power industry is susceptible to a variety of cyber threats, which can wreak havoc on control systems. Management, engineering and IT must commit to a comprehensive approach that encompasses threat prevention, detection and elimination.03/27/2006
This document provides an understanding of intrusion detection and prevention systems, why they are necessary, how and where they fit in the control system environment, and gives example scenarios.03/27/2006
This document describes best practices for the reference architecture for a process control system network and its interfaces to a corporate network. The papers objective is to give the reader an understanding of the techniques utilized to securely connect these networks.01/11/2006
In the real world, sharing PCN data with external systems and accessing PCN systems from external sources is fast becoming a business necessity. This paper provides some generic guidelines for enabling secure connectivity between PCNs and external systems.09/16/2005
OSHAs Hazard Communication Standard (HCS) is based on a simple conceptthat employees have both a need and a right to know the hazards and identities of the chemicals they are exposed to when working.08/30/2005
Plant security is a key priority at many plants. This 10-page paper provides background what the methodology for a plant vulnerability analysis involves. It covers topics such as how to get started, available tools, and risk assessment.04/21/2005
This 17-page whitepaper discusses the application of two popular methods of determining SIL requirements risk graph methods and layer of protection analysis (LOPA) to process industry installations.04/19/2005
This nine-page PDF whitepaper discusses the pitfalls of alarm management and how mistakes in the past have been quite costly. It then addresses these mistakes and gives an overview of proper alarm management.02/10/2005
This 26-page white paper from Monitor Technologies discusses the difficulties in measuring bulk solids and powders in bins, silos and hoppers. Download this document to learn which technologies are out there that can make this job easier.01/03/2005
Plant security is a key priority at many plants. This 10-page paper provides background what the methodology for a plant vulnerability analysis involves. It covers topics such as how to get started, available tools, and risk assessment.12/02/2004