Defense in Depth

Last Friday I received a twit (a message on Twitter.com, my twitter name is PJCoyle) from BozonGas recommending that I look at a document on Honeywell.com called “An Integrated Approach to Safety: Defense in Depth”. Honeywell has long been a producer of a variety of instruments, controllers and other devices used in chemical process safety. While this white paper is mainly a look at their philosophy for an integrated safety program, it does address facility security, especially in how it integrates with process safety. Security Incident Outcomes The three page discussion of process security is short on details, this is a white paper after all, but it does provide some important information none the less. One of the most interesting items discussed comes in the form of a table on page 17 taken from an American Chemistry Council document, “The Case for Taking Action on Cyber Security”. The table lists 14 ‘concerns’ about possible outcomes from successful attacks of high-risk chemical facilities. Of the fourteen concerns, only two deal with the potential outcomes that are most often discussed in security related discussions; “Release, diversion, or theft of hazardous materials” and “Employee and public fatalities, injuries and health effects”. The other 12 concerns deal with business consequences of such an attack. The identification of these consequences helps to provide an additional business case for proceeding with improving facility security. Layers of Security and Safety This white paper makes the point that a layered process safety program (with an interesting diagram on page 4) is necessarily an integral part of a facility security program at chemical process facilities. Honeywell notes (page 18) that:

“The integration between building automation, security, and process control systems at plants plays a crucial role in rapid, efficient, and coordinated mitigation steps during a security incident. A close linkage between security and process systems ensures that a process control system operator is immediately made aware of a security breach so they may take preventative action to protect the safety of individuals in and around the facility.”

Honeywell recommends adding three security layers to the nine layers of process safety layers covered in the remainder of the white paper. Those layers encompass physical security, electronic security, and cyber security. The first two layers help prevent unauthorized physical access to the facility and help manage the mitigation process in the event of a successful attack. The cyber security layer helps to prevent the process control and process safety systems from being used to execute an attack on the facility. Process Systems The white paper identifies nine elements of a successful cyber security system. Two of those elements have not received enough, in my opinion, emphasis in other discussions of cyber security. Those elements were:

“Physically separated process control and enterprise networks with limited access points” “Physically separated process control and process safety systems with limited access points”

The first element helps to isolate control systems from attacks via the internet. This does not eliminate the threat of a cyber attack on those systems, but would allow security teams to focus on physical or on-site attacks on those systems. The second would allow properly designed process safety systems to mitigate the effects of many successful attacks on process control systems and even a few attacks on physical assets. Since Honeywell is one of the domestic leaders in process control systems, I would certainly like to see them address process security in more detail. They are in a unique position to assist facilities in the design and implementation of cyber security systems for process systems across a wide variety of industries.