Industrial Control System (ICS) technology has been around for many decades. Most were developed and designed to work as standalone or direct connection devices. At the time, the primary threat to ICS was physical access to the device itself. Today, widely available software applications and internet-enabled devices have been integrated into most ICS providing more functionality than ever before. While this reduces cost, improves access, and provides efficiency, it also makes ICS more susceptible to cyberattacks.
ICS comes in a variety of types and purposes. Supervisory control and data acquisition (SCADA), Distributed Control Systems (DCS), Process Control Systems (PCS), Energy Management Systems (EMS), Safety Instrumental Systems (SIS), and other Automated Systems (AS), such as Building Automation Systems (BAS), are common ICS technologies utilized in industry. Often these systems are relevant specifically to the industry they support, such as power, water, or chemical distribution. ICS primarily controls a process or function. A failure of that ICS could place personnel in an unsafe environment, damage equipment, and even cause spills or fires. Most times, we hear of such mishaps resulting from human error or equipment failure. However, cyber threats against critical infrastructure are on the rise as sophisticated malware targets weaknesses in ICS devices.
Whether on a ship or oil rig off the coast, maritime and energy organizations also rely ICS to operate many of their systems. Consequently, we must be aware of the risks and vulnerabilities of integrated and interconnected systems and develop a strategy to reduce that risk. After all, while a small spill at a storage site would be contained by a containment system or reservoirs, a small spill in the Gulf would be devastating to wildlife and fisheries alike have impacts to coastlines and beaches. Such an event would be catastrophic to all communities and businesses involved. The cost of cleaning up the Exxon Valdez spill was over $7 billion and the BP spill $61.6 billion. Even today, after billions of dollars spent to make things right, the memory of those events still haunts those companies. A future disaster could stem from a cyberattack, but hopefully that will never be the case.
The maritime and energy industries touch so many lives in the Gulf, and we have a responsibility to protect those we serve from harm. With increasing threats to ICS, it vital to implement stronger cyber measures. Whether it is adopting Government standards or establishing self-regulated controls, reasonable steps must be taken to minimize the threat to our systems and industries.
The CLEAN GULF Conference is an annual forum dedicated to just this issue. Scheduled for November 13 to 15, CLEAN GULF will bring together a myriad of stakeholders to deliver solutions for improving prevention, preparedness and response of oil and hazardous materials spills in inland, offshore and marine environments. Gnostech President/CEO James Espino is a scheduled panelist for “Risks and Security in a Digital World,” and will discuss cyber risk and cyber incident response.
Cyber threats for ICS will continue to grow in scope and complexity, and we must work together to minimize this risk.
About Gnostech Inc.:
Gnostech Inc. is an applied engineering and consulting company with expertise in information assurance and cybersecurity engineering, and major combat and space systems development and integration. For more information, visit www.gnostech.com or stay connected by following us on LinkedIn or @GnostechInc in Twitter.