Old plants, new challenges
By Mike Jordan, Process Engineering, 16 July 2004
Ironically, the very infrastructure assets now identified as high-profile terrorist targets - dams, bridges, power plants, transmission lines, refineries and the like - are the ones rendered most 'fragile' by age and under-investment.
The fragility of these crucial infrastructure assets was dramatically demonstrated by the recent and still largely unexplained power outage in the Northeastern United States.
Many high-profile terrorist targets are marginally maintained and poorly documented, with key operational and repair knowledge residing only in the minds of a shrinking, retiring work force. This is a recipe for disaster in which a relatively minor terrorist incursion could precipitate an unexpected ripple effect that dwarfs that recent US power outage.
Today, the owners and operators of physical infrastructure in many industrialised countries face a major challenge: both the infrastructure assets and the work force that operates them are ageing. This basic truth is becoming a driving force in numerous industries, including manufacturing and process plants, and utilities generation and distribution.
In many of these industries, tight budgets and fierce competition create pressures to optimise plant operations and maintenance, while at the same time ageing plant infrastructures are becoming increasingly fragile: difficult to maintain, and above all, difficult to protect from terrorist and other forms of attack.
Our rapidly retiring workforce is often resistant to institutional change, even as its members take their knowledge about these ageing and poorly documented facilities into retirement with them. Regulatory requirements and ageing, inflexible IT infrastructures further complicate the picture.
The immediate security threat is clearly an issue, but the longer-term implications of these trends should not be underestimated. In many industries, the operations and maintenance costs of ageing facilities are increasing while productivity is decreasing. This in turn reduces the amount of capital available for reinvestment - while the essential operational expertise is retiring.
In contrast, emerging nations and economies are investing heavily in new plants and equipment that are inherently more efficient than their developed-world counterparts. As a result, countries with mature infrastructures are losing manufacturing skills fast as industries relocate to lower-wage locations - and as engineering and technology jobs shift to low-cost labour sources.
However, the owners, operators and maintainers of ageing and vulnerable infrastructure are not without their success stories. There are many examples of organisations in a variety of industries that have reversed these 'death spirals' by applying innovation to improve productivity, defining new value propositions and establishing international competitive positions.
Perhaps it is not surprising that many elements of these success stories are quite similar, regardless of the industry in which they were applied. For example, proven strategies are now available that (re)define the optimised operations and maintenance processes for ageing plant systems and provide cost/benefit analysis for system upgrades.
Just as ageing athletes require training regimes that differ from those of younger players, so ageing and often poorly protected engineered assets likewise require unique treatment to remain competitive - and secure. Recognition and accommodation of these differences can often extend the useful lives of systems well beyond the limits of the original designers. Technologies are now available that enable robust integration and phased migration between legacy plant automation systems and new technologies.
Sweeping 'throw-it-all-out-and-start-again' change is exceedingly risky and almost never results in the desired outcome. Today, best industry practice is based on a safer, lower risk approach to facilitate incremental change to an organisation's processes and automation infrastructure - driven by sound cost/benefit analysis to ensure the expected results.
To achieve successful, enduring change, organisations must establish a new balance between the people, processes and technologies that reflects the desired changes in the organisation's 'personality' or competitive positioning. Achieving stakeholder buy-in to new business processes and technologies is essential to realising increased productivity and expected results.
It is natural for people to resist change if they are not involved and lack incentives to bridge the gap between the status quo and ownership of the proposed change. Specific steps can be taken to improve plant resilience, productivity and security: using process modelling and simulation in optimisation, for example; using workflow technologies to institutionalise re-engineered business processes; and employing best-of-class middleware for legacy system integration.
Change management and measuring return on investment in automation projects are critical too. Only by addressing the special needs of its ageing plant can the industry hope to protect those engineering assets from attack, while at the same time optimising them to compete.
Mike Jordan is a business development manager for Intergraph Solutions Group.
As the main article shows, protecting the physical assets of an ageing plant from attack is not just a case of tightening up on site security, writes Mike Spear.
Integrating legacy systems with newer technologies is one of the challenges in keeping plants up to date, but even the newest of process plants are having to face their own challenges.
According to Justin Lowe of the PA Consulting Group, the move to more open systems in process control has brought with it the vulnerabilities of those systems to 'cyber attack' by hackers, worms and viruses. Speaking at last month's Manufacturing Excellence 2004 conference, Lowe gave a frightening account of the dangers facing the process industries from increasingly vulnerable systems based more on Windows, TCP/IP and web technologies.
Unlike the intrinsic security offered by the relative obscurity of earlier proprietary DCS software systems, today's control and monitoring systems are now exposed to a wider audience through increased connectivity with other IT systems and networks.
'There is definitely increased hacker interest in control systems,' Lowe maintains, citing a recent 'hacker conference' that demonstrated how easy it was to penetrate a water company's SCADA system. And if Lowe's view was not sufficiently worrying, he backed it up at ME 2004 with a video presentation by IT security specialist Eric Byres from the British Columbia Institute of Technology.
In a little under five minutes, Byres had simulated a hacker scanning a plant's Modbus network from the comfort of an outside carpark, finding the IP addresses of devices on the system, and accessing the set-up software of 'well-known' PLCs controlling the plant - all from a conventional 'wireless' laptop.
Now this may not give your average hacker the same buzz as breaking the codes at the Pentagon, but Lowe reminded his packed audience of several recent incidents of just such outside interference in process control systems.
There was, for example, the 2001 case of a disgruntled employee hacking into a sewage plant in Queensland, Australia, and releasing raw sewage into local parks and waterways. Other incidents include the 1999 hijacking by a group of hackers of the Gazprom gas pipeline control system in Russia.
Fortunately, however, direct hacking incidents like these are rare. But Lowe points to 'a far more insidious and common threat', namely the spread of self-propagating worms and viruses. 'The danger here', he says, 'has grown considerably with the use of standard IT platforms and technologies in process control systems'.
An example of the threat was last year's 'Slammer' virus, which in one case cited by Lowe infected the critical systems of a nuclear facility. While Slammer itself does nothing malicious to its host, it spreads by scanning networks for vulnerable Microsoft SQL servers, degrading performance as it scans.
So, what can plants do to face these new challenges? Lowe says it's not just a matter of extending standard IT security systems, and nor is it just an issue for the IT department.
Operators need to grow an awareness of the dangers in their control teams. They need to guard against third party risks (such as a vendor's recent update disc that arrived complete with virus). And they need to establish a process control security framework, based on IT security good practice and an awareness of the differing demands of process control.