Last year, Dragos’ Joe Slowik and Rob Lee publicly pushed back on the need to address process sensors (see https://www.controlglobal.com/blogs/unfettered/sensors-and-sensibility-dragos-and-other-ot-experts-lack-expertise-on-process-sensors/ ). Apparently, Dragos has reversed their position based on the results from a LOGIIC project, “Learn why Sensors Matter Within Industrial Cybersecurity”. This work can be important if the Dragos findings help change the mindset of those in the OT community who continue to ignore these critical control system devices.
I have been writing for years about the need to address Purdue Reference Model Level 0 and Level 1 devices, including process sensors, for control system cyber security. My interest in sensor cyber security stemmed from work I did at the Electric Power Research Institute (EPRI), where we discovered a previously unidentified sensor problem: a common cause, non-detectable failure in pressure, level, and flow sensors in nuclear safety applications. As a result of this pressure sensor issue, I did detailed Failure Modes and Effects Analyses (FMEAs) on each of the major nuclear safety pressure sensor vendors on what turned out to be a manufacturing flaw (supply chain) in nuclear safety pressure sensors. This flaw actually contributed to the Three Mile Island core melt. I also did another project demonstrating the inherent drift in process sensors. Over the years, there have been many process sensor cyber-related incidents resulting in catastrophic failures. As process sensors typically have no cyber security features, authentication, or cyber logging capabilities, yet are the input to all OT networks, this should be recognized as a major security, reliability, and safety gap. Moreover, I am currently part of a joint ISA84 (process safety)/ISA99 (cyber security) working group where we are developing a process sensor cyber security annex for process safety applications.
Hacking process sensors is not new – it was demonstrated in the 2015-16 timeframe by Russian and other researchers in a public conference in the US. Moreover, published work from the US Air Force Institute of Technology demonstrated how this type of cyber-induced activity can be detected for multiple sensor manufacturers.
In order to address the gap in process sensor monitoring, I am working with a group to develop revolutionary sensor technology at the physics level that will provide the unique identity of the individual sensors (address counterfeits), the integrity of the measurement including identifying sensor drift (process safety, reliability, product quality, and predictive maintenance), and the origin of the measurement (cyber security and process safety). I will have more to say on this later.
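As an added illustration (not part of this post, and not code from Dragos, LOGIIC, EPRI, AFIT, or the sensor project described above), the following constructed Python simulation shows why the common cause failure mentioned earlier is non-detectable by redundancy alone, and why an independent check on measurement integrity matters. Three redundant pressure transmitters feed a 2-out-of-3 selector with a deviation alarm: a single drifting channel trips the alarm, but three channels sharing the same bias (for example, a shared manufacturing defect) pass the vote cleanly and are only exposed by cross-checking the selected pressure against a second physical quantity, here the hydrostatic head implied by a level transmitter. The fluid constant, transmitter biases, alarm limits, and the hydrostatic cross-check are all assumptions made for this example.

```python
"""Why a common-cause sensor fault defeats redundancy alone (constructed illustration).

Three redundant pressure transmitters feed a 2-out-of-3 selector with a
deviation alarm. A single drifting channel is caught by the alarm; three
channels sharing the same bias (a common-cause fault such as a shared
manufacturing defect) pass the vote cleanly. An independent check against
a second physical quantity (here a hydrostatic-head comparison with a level
transmitter) is what exposes the common-cause case. All numbers are made up.
"""
from statistics import median

# Assumed fluid: water, so 1 m of head is ~9810 Pa (constructed constant).
PA_PER_METRE = 9810.0


def vote_2oo3(readings, deviation_limit):
    """Median-select three channels and flag any channel that deviates
    from the median by more than deviation_limit (a classic 2oo3 scheme).
    Returns (selected_value, list_of_suspect_channel_indices)."""
    selected = median(readings)
    suspects = [i for i, r in enumerate(readings)
                if abs(r - selected) > deviation_limit]
    return selected, suspects


def hydrostatic_check(pressure_pa, level_m, tolerance_pa):
    """Independent plausibility check: the level transmitter implies a
    head pressure; compare it with the selected pressure reading.
    Returns (consistent, residual_pa)."""
    residual = pressure_pa - level_m * PA_PER_METRE
    return abs(residual) <= tolerance_pa, residual


def evaluate(true_pressure_pa, channel_bias_pa, level_m,
             deviation_limit=2000.0, tolerance_pa=3000.0):
    """Simulate one scan: apply per-channel bias, vote, then cross-check."""
    readings = [true_pressure_pa + b for b in channel_bias_pa]
    selected, suspects = vote_2oo3(readings, deviation_limit)
    consistent, residual = hydrostatic_check(selected, level_m, tolerance_pa)
    return {
        "selected_pa": selected,
        "deviation_alarm": suspects,       # non-empty => voting caught it
        "physics_consistent": consistent,  # False => cross-check caught it
        "residual_pa": residual,
    }


# Constructed scenarios: 5 m of water head, true pressure 49 050 Pa.
TRUE_P = 5.0 * PA_PER_METRE
HEALTHY = [0.0, 100.0, -100.0]           # normal channel-to-channel scatter
SINGLE_DRIFT = [0.0, 100.0, 8000.0]      # one transmitter drifted high
COMMON_CAUSE = [8000.0, 8100.0, 7900.0]  # all three share the same bias


if __name__ == "__main__":
    for name, bias in [("healthy", HEALTHY), ("single drift", SINGLE_DRIFT),
                       ("common cause", COMMON_CAUSE)]:
        print(name, evaluate(TRUE_P, bias, level_m=5.0))
```

Running the block prints three scans: in the "single drift" case the deviation alarm lists channel 2 while the hydrostatic check passes, and in the "common cause" case the deviation alarm stays empty while the hydrostatic residual is about 8000 Pa, far outside tolerance. The point the simulation makes is that channel-to-channel comparison can only detect disagreement between channels, so a fault that moves all channels together (whether a manufacturing defect or a deliberate manipulation) needs a check rooted in the physics of the process rather than in the sensors' agreement with each other.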
It is incredible that the cyber security, equipment monitoring, and process controls and safety communities continue to erroneously assume the sensor measurement is uncompromised, authenticated, and correct. I hope that the new initiative by Dragos helps the OT community understand and address what’s too often been overlooked.
Joe Weiss