HIMA Warns Of New Cyber Threat To SIS

Jan. 12, 2018
Hacked safety controller represents new dimension of cyber threats to critical infrastructure.

In late 2017, the ICS cybersecurity specialist Dragos reportedly announced that a safety controller (SIS) in a process facility in the Middle East had been targeted by a new malware attack and successfully hacked. The SIS was compromised, leading to a shutdown of the facility. The professional execution of the attack shows that facility operators need to take the subject of cybersecurity very seriously, according to HIMA, a global independent supplier of safety solutions for the process industry, which offers to provide consulting on the subject of cybersecurity in safety-critical systems.

The cyberattack referenced represents a new dimension of cyber threats to critical infrastructure, says HIMA. According to current knowledge, it was specifically planned and designed to target the SIS of a particular manufacturer. This sort of attack on a SIS, reportedly the first ever seen worldwide, is very sophisticated and only possible with significant effort.

“Work processes and organizational deficiencies are by far the most common areas of vulnerability for successful cyberattacks. System interfaces that remain open during operation and can be used to program the systems concerned, for example, give attackers a potential point of access,” says Dr. Alexander Horch, vice president, research, development and product management at HIMA. “We urgently advise facility operators to not rely solely on cyber safe components, but instead to establish a comprehensive security concept for their own facilities.”

To achieve maximum safety and security, it is especially important for facility operators to implement the requirements of the standards for functional safety and automation security (IEC 61511 and IEC 62443) for physical separation between process control systems and safety and security systems, according to HIMA. In addition to providing automation solutions conforming to relevant national and international standards, HIMA supports plant engineers and operators in developing security concepts for the entire life cycle.

“For facility operators it is important to constantly keep an eye on potential forms of manipulation. In this regard, safety-critical applications are fundamentally different from other industrial PLC or office applications,” says Heiko Schween, a security expert at HIMA. “Considerable expertise is necessary to ensure cybersecurity in safety applications. Maintaining and constantly refining security often poses a challenge to facility operators. It is therefore advisable to draw on the services of experienced safety and security experts in order to jointly develop and implement effective concepts.”

For more information, visit: www.hima.com

Sponsored Recommendations

Heat Recovery: Turning Air Compressors into an Energy Source

More than just providing plant air, they're also a useful source of heat, energy savings, and sustainable operations.

Controls for Industrial Compressed Air Systems

Master controllers leverage the advantages of each type of compressor control and take air system operations and efficiency to new heights.

Discover Your Savings Potential with the Kaeser Toolbox

Discover your compressed air station savings potential today with our toolbox full of calculators that will help you determine how you can optimize your system!

The Art of Dryer Sizing

Read how to size compressed air dryers with these tips and simple calculations and correction factors from air system specialists.