ipc valves

Cyber-security in process controls

Hackers are looming around your smart control systems.

Is your cyber security strong enough?

In early 2000, an Australian organization experienced problems in its wastewater management system. The signals sent t its pumping stations kept failing and the alarms that were meant to go off when the valve failed to trigger, did not ring. Investigations revealed that a hacker was deliberately making this happen. He had infiltrated the system for months and was controlling around 150 pumping stations, releasing millions of liters of untreated wastewater in local waterways.

In a more serious incident, Iran’s nuclear plant in Natanz fell victim to Stuxnet worm which destroyed thousands of centrifuges.

As IoT use has increased, information technology and operational technology are converging. Thus, industrial control systems are now open to hackers, ransomware and worm attacks that are created specially for PLC systems. What’s more, the threat extends beyond the IoT connected operational systems as well. Worms such as PLC blaster can ‘jump’ to ‘air-gapped’ operational networks. air-gapped networks are those operational systems that are not connected to Internet.

With smart systems becoming the norm in operations, it is vital to protect them from cyber attacks

When talking of cyber security, we generally imagine that it must take sophisticated technological solution to prevent hacking incidents. However, that is not entirely true.

Hackers enter our control systems through simple avenues

Hackers get inside our systems through avenues such as clicking of phishing mails, unauthorized pen-drives, or passwords that are too simple to crack. Closing these avenues to thieves with some basic measures would ensure safety for your systems.

Are you taking these three basic measures to stop them?

Update your systems

Valve industry is pretty old, and many companies in this sector are veterans. They are evolving with time, but many times, this results in the firm having a mix of very old, moderate and latest equipment, computers or other digital systems. Older systems tend to be easier for hackers to crack. Hence, having a uniform and up-to-date system all around the firm is a wise thing to do. This includes properly configuring your software programs to avoid leaks and setting strong passwords for them.

Train the people

The state of any business is ultimately decided by the quality of its employees. Making employees ‘digitally literate’ is vital amidst digitally transforming industry. On one hand this entails training them to detect malware-loaded emails, and on the other hand, enforcing control over access to data is the key step to take. Going back to the Natanz example, the malware was introduced into the system with a pen-drive probably connected to the system by an employee.

Build a security policy

Given how cyber security involves a wide array of factors, it is not enough to leave it to your IT team. Instead, the firm must have a stringent security policy in place for the systems. In short term, this means permission-based access and control over entry of unauthorized hardware in the firm. In the long term, businesses must assess the risk and possible business loss caused by such attacks.