How To Secure Your Process Control Network

If asked to picture weapons of terrorism, most people might conjure up images of explosives, biological contagions and the like. They probably wouldn’t visualize a computer memory stick purchased at the local electronics store.

But even if a USB drive isn’t typically thought of as a terrorist weapon, it has the potential to produce results ranging from disruptive to devastating. In the world of chemical refineries and processing plants, a memory stick could easily infect a plant’s process control system with a virus and potentially put the safety of its workers and surrounding community at risk.

Chemical plant security has become one of the most scrutinized issues since the Sept. 11 attacks on the U.S., with lawmakers and experts continuously calling attention to the havoc terrorists could wreak by disrupting operations at these facilities. Yet, many chemical companies don’t receive consistent information on how to best protect their sites.

Lawmakers will soon pass enforceable security regulations for industrial sites. Manufacturers, in turn, must be ready and have a best-in-class security strategy in place. One such strategy is to take a holistic view of the entire plant, considering a comprehensive and integrated approach to security and safety.

Since the process control system is the heart of any chemical plant, ensuring you have a secure process control network (PCN) is a place to begin.

The PCN is one of the most critical areas of a chemical facility and can be one of the most vulnerable to the growing threat of cyber terrorism. Cyber threats can be grouped into four categories:

    1. Indiscriminate and potentially destructive: This is the most publicized category, which includes viruses, Trojan horses and worm attacks.
    2. Performance impacts and potential safety issues: Network spoofing and “denial-of-service” threats have performance implications. For example, a denial-of-service attack can clog a PCN with spurious requests, keeping an operator from receiving a legitimate alarm.
    3. Confidentiality: With eavesdropping and password cracking, confidentiality becomes a concern.
    4. Confidentiality, integrity and performance: This area includes data tampering, impersonation and packet modification, and it is especially hazardous if the intruder has malicious intent.

All these categories have attendant safety issues. If the system is compromised, safety is compromised. Despite these threats, the PCN must provide a level of reliability, availability and performance to ensure a safe, uninterrupted operation. Securing a PCN involves several measures, which are examined below.

Assessing Vulnerabilities

The key to strengthening security at any facility is understanding existing weaknesses. An assessment should establish a baseline of a company’s current security processes, procedures and safeguards used to protect the PCN from external threats. That baseline then becomes the focus of recommendations outlining the procedures and changes that will remove or mitigate the identified vulnerabilities. PCN vulnerabilities can be ranked by their risk potential; most sites will have some low- and medium-risk areas as well as a few high-risk areas. Some of the higher-risk vulnerabilities are associated with poor or non-existent security policies, including poor password management, missing or out-of-date anti-virus software and ineffective processes for communicating policies. Unsecured open ports present opportunities for the introduction of viruses. Consider that someone could cause significant disruption simply by inserting an infected USB stick in an unsecured open USB port and, as mentioned above, injecting a virus into an otherwise “clean” system — an instance of “sneaker net” meeting cyberspace.

Designing Network Security Infrastructure

Once vulnerabilities are identified, the next step is to design a solution that removes or mitigates them. For example, a high-risk vulnerability is a direct connection between the corporate network and the process control network. This kind of configuration opens the door for viruses, worms, etc., to be introduced into the PCN from the corporate or business network and vice versa. A more secure infrastructure would include a “demilitarized zone” with enhanced firewall protection for the PCN. This approach adds a new level of network security, controlling communications between the corporate network and the PCN and minimizing potential threats.
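As an added illustration (not from the article or any vendor), the following nftables ruleset shows what “controlling communications between the corporate network and the PCN” looks like on the firewall that replaces the direct connection: the only permitted paths run through a DMZ historian, and no packet may pass directly between the corporate and control zones. Interface names, addresses, the historian host and the port numbers are assumptions chosen for the example.

```nft
# Assumed three-legged firewall: corporate network, DMZ, PCN.
define corp_if     = "eth0"               # corporate / business network
define dmz_if      = "eth1"               # demilitarized zone
define pcn_if      = "eth2"               # process control network
define corp_net    = 10.10.0.0/16         # assumed addressing
define pcn_servers = { 192.168.100.10, 192.168.100.11 }   # assumed PCN hosts
define historian   = 172.16.50.10         # assumed DMZ data historian

table inet pcn_fw {
    chain forward {
        # Default posture: nothing is forwarded unless a rule below allows it.
        type filter hook forward priority 0; policy drop;

        # Allow replies to connections that were already permitted.
        ct state established,related accept
        ct state invalid drop

        # Corporate users may only read from the DMZ historian (assumed port 443).
        iifname $corp_if oifname $dmz_if ip saddr $corp_net ip daddr $historian tcp dport 443 ct state new accept

        # PCN servers may push data up to the historian; nothing else leaves the PCN.
        iifname $pcn_if oifname $dmz_if ip saddr $pcn_servers ip daddr $historian tcp dport 443 ct state new accept

        # Only the historian may open connections into the PCN, and only to the
        # named servers on one assumed collection port.
        iifname $dmz_if oifname $pcn_if ip saddr $historian ip daddr $pcn_servers tcp dport 4000 ct state new accept

        # The vulnerability the article describes: a direct corporate<->PCN path.
        # Log and drop it explicitly so attempts are visible in the firewall log.
        iifname $corp_if oifname $pcn_if counter log prefix "corp->pcn blocked " drop
        iifname $pcn_if oifname $corp_if counter log prefix "pcn->corp blocked " drop

        # Everything else falls through to the chain policy; count it for review.
        counter log prefix "pcn_fw drop " drop
    }
}
```

The logged drops on the corporate-to-PCN rule double as a detection signal: a host on the business network that repeatedly tries to reach PCN addresses is worth investigating during the next assessment cycle.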

Deploying Hot Fixes and Service Packs

The efficient and timely qualification and validation of hot fixes and service packs, such as those issued by Microsoft, is key to a successful security strategy. It is incumbent on the process control vendor to validate and qualify these hot fixes and service packs for its platforms and to provide up-to-date information to its customer base. Vendors who make this information readily available provide great benefit to users of these systems.

Qualifying Antivirus Software

Process control vendors also need to support their customers in qualifying anti-virus software. And, since one leading anti-virus offering may be preferred over another, offering a choice of qualified anti-virus products is a plus.

Locking Down Control Network Nodes

Vendors can embrace a locked-down model that facilitates system security, providing customers with pre-configured security settings for files, directories and registry keys to protect against viruses, malicious users and inadvertent actions. Such a model would provide pre-configured groups and group policies that define desktop behavior within an organization by role. Consider the following scenario. For operators, the policies would be very secure (locked down), limiting the user to auto-start applications. For supervisors, the policy would be similarly locked down. Engineers, on the other hand, would be restricted to relevant engineering functions. Administrators might have unlimited access, with secure settings such as a password-protected screensaver after 15 minutes of inactivity. Basically, this model focuses on controlling the desktop by user role, limiting what is seen via the “start” menu and restricting which Windows tools and functions may be invoked.

The first step in the security journey is the assessment. Understanding and documenting vulnerabilities provides the best foundation for developing an approach that balances security and functionality. From this assessment, a design that meets site requirements can be developed. Once it is implemented, the cycle begins again with another assessment, repeated at least annually, to verify that no new vulnerabilities have been introduced and that existing ones have not been ignored.