Protecting Control Systems with Comprehensive Cybersecurity Programs

At this year’s Offshore Technology Conference, Asset Strategy & Management Program Manager Rick Gorskie talked to oil and gas customers about their concerns regarding cybersecurity. As you can imagine, it’s a hot topic. Many of our customers realize that even if they are not a target now, they could be in the future.

Incidents in the past with Stuxnet, a worm that attacked control systems, and Shamoon, a virus targeting oil and energy sectors, showcased how cyber-attacks could exploit vulnerabilities and cause huge amounts of damage.

More recently, a malware-infected device was found connected to some nuclear plant control systems in South Korea. And hackers infiltrated the production network of a German steel mill — accessing the systems that control plant equipment — and caused physical damage during an unscheduled shutdown. That particular phishing attack occurred with targeted, trustworthy-looking emails that tricked recipients into opening malicious websites and malware that grabbed login names and passwords.

What makes both of those more recent attacks noteworthy is that those attackers seemed to possess sophisticated knowledge that allowed them to manipulate and disrupt control systems. But we’ve also seen attacks happen via USB ports, memory sticks, DVDs and even when charging cell phones or other electronic devices through your computer. And such attacks become a strategic weapon for hackers trying to cause damage.

So how can you best protect your control system? Emerson recommends a number of solutions, but it starts with a cybersecurity assessment on your plant or production facility. We work with you to use this assessment tool to identify problem areas, and then to suggest appropriate remediation. With further analysis, we can carefully walk you through steps to harden protections against cybersecurity-related incidents.

At the basic level, our specialists are able to graphically plot where your cybersecurity coverage is today. When asked for more details, Rick explained:

We will be able to understand whether your specific policies, procedures and enforcements are in place and cover your systems as installed. We will also be able to determine other facets of cybersecurity coverage that are important to your day-to-day ability to operate. We will also be able to suggest specific remediation of security items that we deem a ‘concern’ based on the DeltaV Security Manual’s best practices. In many cases, you and your current site staff may be able to complete the remediation on your own.

You can learn more about Emerson’s Cybersecurity Management Services, including the Advanced and Basic Cybersecurity Assessment, by visiting the Lifecycle Services for DeltaV Systems page.

Take proactive steps now to identify vulnerabilities, remediate protection gaps and secure your process control system from cybersecurity risks.

From Jim: You can connect and interact with other cybersecurity experts in the Operate & Maintain group in the Emerson Exchange 365 community.