Recent cybersecurity incidents, such as the Norsk Hydro ransomware attack, show that process control industries have little margin for error in keeping defense levels ahead of threats. Day-to-day realities, unfortunately, create major obstacles when it comes to performing security tasks, including limitations on cybersecurity headcount and mixed vintage equipment that requires varied security patches. The good news is that technical solutions, including risk management software, can automate security monitoring, whether it's checking that server back-ups installed correctly or reporting an informative risk score.
For a large refinery in Europe, the opportunity to advance cybersecurity capabilities was realized as it moved from a proprietary distributed control system (DCS) technology to a modern DCS using the Microsoft Windows operating system. Company information technology (IT) and site leaders recognized they needed to do more to understand and address potential cybersecurity vulnerabilities. Any move to automation and standardization across platforms needs associated risk management, and the company considered security at each phase of the migration.
The first major decision was reducing manual workflows wherever possible. This included checking all end nodes for potential cyber vulnerabilities such as outdated patches or missing anti-virus updates. Allocating staff resources to this time-consuming task cost the company hundreds of thousands of dollars. In addition to lowering costs, the ability to standardize and automate end node checks also helped eliminate human error, increased the frequency of security checks, and allowed consistent data collection to measure and improve key metrics.
In the past, such security work was completed ad hoc with staff stretched between operational productivity tasks and security responsibilities. Much of the work was performed until regulatory compliance measures required detailed documentation across many activities.
The refinery is composed of critical infrastructure and requires that compliance standards are met for IEC 62443 SL3 security assurance levels. The company also needed to develop better cybersecurity situational awareness, enable easier syslog (protocol for message logging) forwarding to a security information and event management (SIEM) system, and integrate risk management with its existing security dashboard.
Project details, teams
The company worked with a major global industrial cybersecurity provider to perform a network architecture assessment in order to understand potential gaps as well as support the network growth in a safe and sustained fashion. Planning across a five-year timespan allowed teams to consider the upcoming impact on architecture, such as the need to add further wireless connectivity or expand facilities. In addition, based on SIEM requirements and dashboard access views, architecture could be planned to meet compliance needs.
The DCS automation upgrade included a cybersecurity system assessment to identify key requirements for a secure migration to the new system. This included expertise from operational engineering consultants and industrial cybersecurity experts. The experts leveraged insights from other organizations to provide objective data the refinery teams could use to scope, budget and execute priority risk reduction work.
To increase visibility and improve management of cybersecurity risk, the refinery chose to implement risk management software. This included automating the 24/7 monitoring of key risk indicators across network, endpoint and other security factors.
The refinery’s automation staff identified key cybersecurity vulnerabilities starting in the pilot phase, including unused ports, back-up inconsistencies, outdated security patches and others. Risk management software provided staff with a consistent way to measure, monitor and manage cybersecurity risk on-site without the manual efforts. A software dashboard highlights possible issues to help staff protect several hundred end nodes. It also provides updates on patching, network security and backup status. This allows staff to respond much faster to potential threats, resulting in greater site security.
In addition to efficiency gains, the implementation effort led to people and process benefits. For example, the organization needed to discuss its risk appetite and then agree on defined risk thresholds to set up. This simplified visibility into the security posture since the software portrayed the algorithmic scores relative to risk as part of its monitoring capabilities.
Staff skills improved as they saw steps they could take to lower risk specific to the organization’s priorities and the priority levels of the assets monitored. Even non-security personnel had the ability to follow recommendations and impact the risk score.
At the executive level, automating risk management delivers much-needed visibility and risk enforcement across industrial control system (ICS) networks. At the operations level, engineers can find and resolve operations technology (OT) compliance and performance issues—before the issues make headline news. Any investment in automating, standardizing and improving risk management before it really impacts a company’s bottom line makes obvious business sense.
Marty Israels is global marketing director, Honeywell Industrial Cybersecurity. Edited by Chris Vavra, production editor, Control Engineering, CFE Media, firstname.lastname@example.org.
Keywords: Distributed control system, DCS, cybersecurity
A refinery moved to a modern distributed control system (DCS) to improve process operations and cybersecurity.
The refinery chose to implement a risk management software solution to increase visibility and improve management of cybersecurity risk.
The refinery reported efficiency gains from personnel and improved visibility for cybersecurity operations.