Keynote to Texas A&M Instrumentation & Automation Symposium and industry response

Jan. 31, 2018


On November 6th, I gave a short course to the API Cyber Security Conference. When I discussed issues such as the lack of security in Level 0,1 devices, the attendees, who were from cyber security, not engineering, said they wanted their engineers to hear this story. On January 25th, I gave the keynote to the Texas A&M Instrumentation & Automation Symposium. The attendees were primarily end-users, vendors, and consultant control and safety engineers from the chemical and energy industries. There was one other cyber security presentation and a cyber security workshop at the Symposium. Both were focused on network security and did not address Level 0,1 devices. The lack of cyber security and authentication in Level 0,1 devices was new to almost all of the participants, including personnel staffing the vendor displays. As mentioned previously, ISA99 has established a new working group on Level 0,1 issues, and a number of the participants asked to join.

For those who don’t think it is possible to hack process sensors (I did not mention this in my presentation), one example is to use the hand-held HART/Foundation Fieldbus field communicator to change the process sensor ID. This can be either a malicious cyber attack or an unintentional error, often with little chance to tell the difference. Regardless of why, with the ID changed, the sensor will no longer be able to communicate with the PLC or DCS. There may be an alert, but it may be too late to prevent a catastrophic failure. This is not just loss of view and loss of control, but effectively loss of safety.

I also discussed the Siemens and Triconex issues with respect to hacking the Safety Integrated System (SIS) (INL demonstrated hacking the Basic Process Control System (BPCS) and SIS at the 2008 Siemens International User Group) and the consequent need to isolate the SIS from the BPCS. This is a subject that has been discussed over the years, but the Triconex attack, with the Tricon workstation connected to the DMZ, has highlighted the need for safety standards to require separation of the SIS from the BPCS (a safety as well as security issue).

Joe Weiss