The post Why You Must Incorporate Safety and Cybersecurity Standards Into Your Automation Design first appeared on the ISA Interchange blog site.
I have said it before and I will say it again. There are simple steps that must be taken now to make your automation systems more resilient to the inevitable cyberattack.
Attackers have now breached the next bastion of the safety envelope of a plant environment and influenced the operation of a safety system. It is important to state upfront that in this case the system detected the fault and went to a failsafe state just as it is supposed to do. But it will not be very long until attackers successfully modify the logic in these systems to accomplish their nefarious objectives. When it comes to safety instrumented systems (SIS), the most important part of the cybersecurity puzzle is understanding and securing access to the system, both from a physical and a cyber perspective.
Ask yourself: Who potentially could gain access to the system? (For good or for evil)
The recent attack intended to manipulate the safety system of an unidentified plant, and the attackers leveraged two significant access control weaknesses in the system. These are implementation or design weaknesses, not vulnerabilities in hardware or software components – so don’t expect the vendor to fix these, that is your job and your job alone!
ISA offers standards-based industrial cybersecurity training, certificate programs, conformity assessment programs, and technical resources. Please visit the following ISA links for more information:
By leveraging safety design principles articulated in international safety standards such as IEC 61508/IEC 61511/ISA84, automation engineers can make informed decisions about the appropriate methods to isolate the safety functions from the BCPS functions. They also must ensure that separation exists in all phases of plant design, operation and maintenance. A common engineering system or a SIS engineering workstation that is interconnected to the plant network may violate these fundamental principles.
The cybersecurity standards created by ISA99 and now recognized globally as IEC 62443 lay out the process to safely segment and isolate key control system components through methods such as “zones and conduits.” Use defense in depth principles from ICS-CERT and utilize unidirectional gateway devices where required.
Some vendors will maintain they have proven that their integration of the BCPS and SIS, especially at the engineering workstation, conforms to and is consistent with these safety and cybersecurity standards. I urge you to ask hard questions, such as what if an attacker gains complete control of the engineering environment? How does the system ensure that unauthorized changes to SIS logic cannot be made?
Technical reports on these attacks are available from Mandiant® FireEye® as TRITON and Dragos® as TRISIS
About the Author
Marty Edwards is managing director of the Automation Federation. Marty previously served as director of the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), an operational division of the National Cybersecurity and Communications Integration Center (NCCIC) in the Department of Homeland Security (DHS). He holds a diploma of technology in process control and industrial automation (magna cum laude) from the British Columbia Institute of Technology (BCIT), and in 2015 received its Distinguished Alumni Award. In 2016, Marty was recognized by FCW in its “Federal 100 awards” as being one of the top IT professionals in the federal government.
Source: ISA News