Sunday, November 27, 2011

Control Systems in Odd Places

As a process chemist when someone mentions industrial control systems I first think of the systems at a chemical manufacturing facility, then I may think about the electric grid, but until recently I didn’t think about much beyond that. Recent stories about hacks of control systems in cars and even medical devices have expanded that. Then I ran across a blog post at that expanded that world of control systems in a new direction of potential interest to the chemical security community (and the ICS security community, of course).

Data Center Control Systems

The author, Eric Gallant, reminds us that data centers, those massive banks of servers and data storage devices that are so important to modern society, are not just computer systems. Data centers require lots of support structure; power switching, backup power systems, cooling, air filtration and access control. These systems all work together in an integrated manner because of industrial control systems.

Eric points out in his article that there are lots of reasons that various people might like to shut down such data centers. Since a successful attack on the support systems could effectively disrupt such a facility for quite some time, datacenter engineers need to be concerned about the security of their support control systems.

Corporate Data Centers

While it appears that Eric’s target audience is mainly engineers at the very large data centers supporting internet firms and banks, much of what he talks about would also be applicable for the smaller data centers maintained by large chemical manufacturing corporations and to a lesser extent the server rooms maintained at most modern chemical facilities.

A disruption of the corporate networks, with their interties to SCADA networks and various security related networks, could make high-risk chemical facilities and their control systems more vulnerable during the recovery period. With the inevitable emphasis on rapid recovery, there will be an increase in the number of people with physical access to the network infrastructure, increasing the potential for unauthorized access to the network.

Security Data Centers

With the increasing use of electronic monitoring and access control devices we are inevitably seeing an increase in the number and size of security data centers. With the increase in complexity of these systems we are seeing more and more facilities contracting the monitoring functions out to off-site security companies with centralized security data centers supporting multiple facilities. The economies of scale make this inevitable.

While these security data centers house a slightly different mixture of electronic hardware, they still require much of the same support infrastructure controlled by the same types of ICS systems. A successful attack on these control systems would effectively shut down most modern security services provided by such companies. This would certainly make the supported facilities, including high risk chemical facilities, more susceptible to attack.

Security Manager’s Concerns

Security managers at high risk chemical facilities that are served by either type of off-site data center needs to ask pertinent questions about the security provided for those centers. While the security of the data is important, the security of the control systems supporting those centers also needs to be addressed.

For on-site data centers, the control systems for these centers need to receive the same cybersecurity level of attention provided for the control systems that operate the chemical manufacturing controls for the facility.

1 comment:

ericgallant said...

PJ, Thanks for helping to bring attention to this topic. I'll be covering cyber and physical security issues frequently at My focus is clearly data center issues. However, a lot of what I post will be relevant to the chemical industry as well.
In a funny twist, I did reactor and steam plant chemistry as an NCO in the USN. You got into chemistry when you got out; I got out of chemistry when I got out. Go figure.

/* Use this with templates/template-twocol.html */