Eye Current

Cyber Security for Process Control Systems

In today's process control industry, securing the process control network (PCN) from cyber-related threats is a real issue and a growing concern. Cyber-related threats pose a significant risk to the security of the process control industry and other industries that are a critical part of our nation's infrastructure. This threat is real and is not just the figment of a paranoid imagination or an episode from Fox's 24. The Department of Homeland Security (DHS) takes this concern very seriously. In 2003, the DHS established US-CERT (United States Computer Emergency Readiness Team) to help defend the nation's Internet infrastructure from cyber-attacks. They have instituted the Control Systems Security Program (CSSP), to help the process control and other industries to defend against cyber-threats. In fact, the Homeland Security Department has teamed with 13 organizations on a 12-month project to secure the process control systems of the nation’s oil and gas industries against cybersecurity threats.

The name of this project is (LOGIIC), Linking the Oil and Gas Industry to Improve Cybersecurity. LOGIIC was birthed out of the Cyber Security Research and Development Center, supported by DHS, and is run by SRI International of Menlo Park, CA. For the first time, LOGIIC, has brought together government, industry, research labs, security and process control technology vendors to create a real-life process control system test bed. All known cyber-attacks were made against the test bed, at Sandia National Laboratories in Albuquerque, N.M. to exploit system vulnerabilities. The goal of LOGIIC is to create technologies that will prevent the exploitation of vulnerabilities in the process control and other vital industries.

According to an article from www.gcn.com, a cyberattack on the control and data systems of electrical power plants, or oil and gas refineries and piplelines, two of the 17 pieces of the nation's critical infrastructure, could potentially bring the country to a halt. For example, the Northeast Blackout on April 14, 2003 left 50 million people out of power and the outage cost an estimated $7 to 10 billion dollors, and parts of a pipeline were shutdown. In this example, terrorism was not to blame, but, if terrorists or hackers learned how to shutdown our country's power plants or process control systems, the results could undeniably be devastating to our country.

The DHS has a list of potential attackers on their web site. CSSP offers several types of security training to corporations. The Process Control Systems Forum (PCSF) is having the 2007 annual meeting on March 6-8 in Atlanta, GA. Four different tracks will be offered which help industries understand the risk and measures to take to reduce the cyber-threat.

posted by Process Control Outlet @ 9:37 AM