Industrial operators building their IoT security strategy need to think beyond protecting data and uptime. Within the plant, security also is about protecting employees and equipment. Beyond the plant, there is a responsibility to safeguard the environment, as well as critical infrastructures and supplies on which people depend.
The potential effects that security breaches can have on safety may not be top of mind, but the consequences can be among the most extreme.
Imagine if a machine safety system was the target of a successful cyberattack. It might not know to slow down or stop if it reached dangerous conditions. In other words, the very protections that safety systems are designed to provide, might be lost.
The potential impact of such an attack could lead to an employee being injured or subject an entire facility to widespread safety risks, such as fires, leaks or explosions. The risks are exacerbated in facilities that handle volatile materials, such as oil and gas processing and inherently hazardous operations like mines.
Safety-related risks also can extend beyond company-owned facilities. A cyberattacker who targets a food or pharmaceutical operation with the intention of contaminating products, for example, could threaten consumer safety. On an even larger scale, a security attack on a critical infrastructure, such as energy or water-processing facilities, could affect the well-being and safety of millions of people. Concerningly, such facilities experienced a 20 percent increase in cyberincidents in 2015.
While the list of potential security threats that could have safety implications is vast, there are a few key steps every organization can take to help identify and mitigate risks.
Bringing Together Safety and Security
While traditionally viewed as separate priorities, industrial operations should think of security and safety as integrated, and with many shared goals and techniques.
Culturally, companies should place the same emphasis on protecting safety systems as they do on protecting data and other assets. This can stem from increased collaboration between teams – especially EHS, IT and operations – as well as a deep understanding of how security and safety impact one another.
Companies also should work to meet security requirements outlined in relevant safety standards. Several IEC standards outline how to help address safety risks that may stem from security issues. Section 7.4 of IEC 61508, for example, recommends conducting an analysis on any unauthorized action that could constitute a security threat.
IEC 61511 provides clearer guidance. It says security risk assessments are required for safety instrumented systems, and that their design must provide necessary precautions against any risks identified in an assessment.
There also are an increasing number of safety technologies with built-in security features. These can help protect against safety system breaches and assist with recovery if a breach occurs.
Set the Baseline With Risk Assessments
Addressing safety through security starts with conducting separate safety and security risk assessments.
A safety risk assessment analyzes compliance with safety standards (including the two mentioned above). It should take into account every activity that involves human-machine interactions, including setup, cleaning, maintenance and daily operations. It also should be expanded to analyze safety risks from cybersecurity threats.
A security risk assessment takes a holistic view of software, networks, control systems, policies and procedures, as well as employee behaviors.
While the two assessments should be independently conducted, they can work toward the same end goal: managing risk at the company level when it comes to protecting internal and external groups.
Enhancing Safety Through Security
Once assessments are completed, manufacturers should examine how security impacts safety and how to address their unique set of risks. Some key measures that can be effective in almost any organization include the following:
- Segmentation as part of a defense-in-depth strategy can help limit access to safety systems. Firewalls, VLANs and switches all can help securely segment networks and establish smaller zones of trust and simplify policy enforcement.
- Asset-management software can be used to track and manage changes across a facility, including safety systems. It will detect deviations from regular operations and alert operators of problems.
- Authentication and authorization security can limit who can access software, what they can see and do, and from where they can perform actions.
- Physical security measures can include access control, device locks and video surveillance.
- CIP Safety and CIP Security can help safeguard data and mitigate attacks on safety systems. They are common industrial protocol (CIP) extensions that operate on EtherNet/IP networks. CIP Safety allows safety devices to coexist on the same network as standard devices, and enables a safe shutdown in the event of a denial-of-service attack. CIP Security incorporates data integrity and device authenticity into network communications.
In addition to these and other measures, companies should have processes and procedures in place to help them quickly respond to the release of safety and security advisories. This can be as simple as having guidelines in place to confirm the advisories are read, that the risk described is evaluated in the company’s context, and should also include patch-management procedures to help mitigate risks to any impacted devices.
A Holistic Approach to Intertwined Risks
When manufacturers understand how cybersecurity threats can impact the safety and wellbeing of their employees, facilities and the environment, they are better equipped to take a holistic approach that integrates security and safety considerations. A wealth of tools, technologies, services and educational resources are available to help manufacturers meet compliance requirements, conduct appropriate risk analyses, and mitigate both safety and security risks in connected operations.