Thursday, January 24, 2008

Control systems vulnerable to attack

According to the Washington Post, the CIA, at a recent cyber security conference, disclosed successful cyber attacks against a number of electrical systems outside of the United States. These attacks reportedly resulted in power outages in a number of cities. In the reported instances the goal of the attack was apparently extortion. It is unusual for the CIA to declassify and report this type of information in an open meeting of this sort; it is most certainly a mark of their concern.


Most chemical processors use some sort of electronic control system to monitor and/or control their manufacturing processes. Any such control system with any sort of connection outside the plant gates could be liable to this type of attack. Enterprise software that holds company inventory, orders and customer requirements is also vulnerable to this type of criminal attack. While losing control of any software system to an outsider would be bad from a business perspective, it is the process control systems that are at the highest risk from terrorist attack.


From a CFATS perspective it is the process control software that is of the most concern. I’ll leave the details of protecting software systems to the IT Security Professionals, but I will note that it is becoming more difficult to completely isolate these control systems from outside access. A system that is not isolated must be considered vulnerable to attack. Rather than aiming for complete protection of the control system software, there might be another technique that would provide better protection against terrorist attacks.


Most chemical facilities have a system of safety interlocks and control systems that protect their chemical processes from the most dangerous process upsets. In ideal situations these safety systems reside on a separate computer system that has been hardened and protected against power failures, unauthorized access and other upsets that could shut down the safety system. Isolating these relatively limited systems from outside access should be easier than isolating the entire control system.


A properly isolated safety system could help to mitigate the effects of an attack on the main control system, keeping process parameters within safe operating ranges. Additional security controls could be added to the same system. For example, if there were a concern about a discharge of a COI into a tank farm, there might be a remotely operated valve that must be opened along with a manual valve at the tank in question. The control for that automated valve would be accessible only to supervisors and would work through the safety control system rather than the main control system.
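The two ideas in the preceding paragraphs (a safety layer that holds its own limits independently of the main control system, and a discharge valve that only opens with supervisor authorization plus a physically opened manual valve) are easier to see in a small model. The following is an added illustration written for this post, not code from the original or from any vendor's safety system; the tag names, safe ranges, user names and the sample commands are all constructed for the example.

```python
"""Toy model of an isolated safety interlock layer sitting between a
(possibly compromised) main process controller and the plant actuators.
Added illustration for this post; every tag, limit and user below is
constructed for the example and not taken from a real facility."""

from dataclasses import dataclass, field


@dataclass
class SafeRange:
    low: float
    high: float

    def contains(self, value):
        return self.low <= value <= self.high


@dataclass
class SafetyInterlock:
    """Independent safety layer. Its limits are not writable from the main
    control system, and it decides whether a control command may reach an
    actuator. Assumed: sensor readings reach this layer from instruments
    wired directly to it, not relayed through the main controller."""
    limits: dict  # tag name -> SafeRange (constructed values below)
    tripped: bool = False
    log: list = field(default_factory=list)

    def check_sensors(self, readings):
        # Trip to a safe state if any monitored tag leaves its safe range.
        for tag, value in readings.items():
            rng = self.limits.get(tag)
            if rng and not rng.contains(value):
                self.tripped = True
                self.log.append(f"TRIP {tag}={value} outside [{rng.low},{rng.high}]")
        return not self.tripped

    def vet_setpoint(self, tag, requested):
        # The main controller may request any setpoint; the safety layer
        # clamps it into the safe range so a hijacked controller cannot
        # drive the process out of bounds. Once tripped, nothing passes.
        if self.tripped:
            self.log.append(f"REJECT {tag}: system tripped")
            return None
        rng = self.limits[tag]
        clamped = min(max(requested, rng.low), rng.high)
        if clamped != requested:
            self.log.append(f"CLAMP {tag}: {requested} -> {clamped}")
        return clamped


@dataclass
class DischargeValve:
    """Remotely operated discharge valve that opens only when a supervisor
    requests it through the safety system AND the manual valve at the tank
    has been physically opened (the two-element control from the post)."""
    supervisors: frozenset
    manual_valve_open: bool = False
    is_open: bool = False

    def request_open(self, user, interlock):
        if interlock.tripped:
            interlock.log.append(f"DENY valve open by {user}: system tripped")
            return False
        if user not in self.supervisors:
            interlock.log.append(f"DENY valve open by {user}: not a supervisor")
            return False
        if not self.manual_valve_open:
            interlock.log.append(f"DENY valve open by {user}: manual valve closed")
            return False
        self.is_open = True
        return True


def run_scenario():
    """Walk through constructed events and return what the safety layer did."""
    interlock = SafetyInterlock(limits={
        "reactor_temp_C": SafeRange(20.0, 180.0),
        "reactor_pressure_bar": SafeRange(0.0, 6.0),
    })
    valve = DischargeValve(supervisors=frozenset({"shift_super"}))

    # Main controller (assume it has been taken over) asks for an unsafe
    # temperature; the safety layer only lets the clamped value through.
    applied = interlock.vet_setpoint("reactor_temp_C", 250.0)

    # Valve requests: a plain operator, a supervisor before the manual valve
    # is opened, then the supervisor with the manual valve open.
    r1 = valve.request_open("operator1", interlock)
    r2 = valve.request_open("shift_super", interlock)
    valve.manual_valve_open = True
    r3 = valve.request_open("shift_super", interlock)

    # Directly wired sensor reports pressure out of range: the layer trips
    # and refuses further setpoint changes from the main controller.
    healthy = interlock.check_sensors({"reactor_temp_C": 175.0,
                                       "reactor_pressure_bar": 7.2})
    after_trip = interlock.vet_setpoint("reactor_temp_C", 100.0)

    return {"applied": applied, "valve": (r1, r2, r3),
            "healthy": healthy, "after_trip": after_trip, "log": interlock.log}


if __name__ == "__main__":
    for line in run_scenario()["log"]:
        print(line)
```

The point of keeping `limits` inside `SafetyInterlock` rather than accepting them from the controller is the same point the post makes about isolation: if the main control system can rewrite the safe ranges, compromising it compromises the safety layer too. In a real plant the trip logic would live on a separately hardened safety PLC with its own sensors, which this model only stands in for.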


An isolated safety/security control system would go hand in hand with reasonable efforts to limit the possibility of a terrorist attack gaining control of the main control system. This would also be a good example of the layered protections envisioned by the CFATS rules. It is also an example of the creativity that a good site security plan will require.
