A change for the better – process sensors are now important for control system cyber security

Oct. 29, 2020
Process sensors have no cyber security or authentication. Yet, they are the starting point for cyber security, predictive maintenance, and process safety. There have been several demonstrations of hacking process sensors including by the Russians and recently by Dragos. Consequently, process sensors need to be explicitly addressed for control system cyber security, process safety, and predictive maintenance. 

Last year, Dragos’ Joe Slowak and Rob Lee publicly pushed back on the need to address process sensors (see https://www.controlglobal.com/blogs/unfettered/sensors-and-sensibility-dragos-and-other-ot-experts-lack-expertise-on-process-sensors/ ). Apparently, Dragos has reversed their position based on the results from a LOGIIC project “Learn why Sensors Matter Within Industrial Cybersecurity”. This work can be important if the Dragos findings can help change the mindset of those in the OT community who continue to ignore these critical control system devices.

I have been writing for years about the need to address Purdue Reference Model Level 0,1 devices including process sensors for control system cyber security. My interest in sensor cyber security stemmed from work I did at the Electric Power Research Institute (EPRI) where we discovered a previously unidentified sensor problem – a common cause, non-detectable failure in pressure, level, and flow sensors in nuclear safety applications.  As a result of this pressure sensor issue, I did detailed Failure Modes and Effects Analyses (FMEAs) on each of the major nuclear safety pressure sensor vendors on what turned out to be a manufacturing flaw (supply chain) in nuclear safety pressure sensors. This flaw actually contributed to the Three Mile Island core melt. I also did another project demonstrating the inherent drift in process sensors. Over the years, there have been many process sensor cyber-related incidents resulting in catastrophic failures. As process sensors typically do not contain any cyber security features, authentication, nor cyber logging capabilities and yet are the input to all OT networks, this should be recognized as a major security, reliability, and safety gap. Moreover, I am currently part of a joint ISA84 (process safety)/ISA99 (cyber security) working group where we are developing a process sensor cyber security annex for process safety applications.

Hacking process sensors is not new – it was demonstrated in the 2015-16 timeframe by Russian and other researchers in a public conference in the US. Moreover, published work from the US Air Force Institute of Technology demonstrated how this type of cyber-induced activity can be detected for multiple sensor manufacturers.

In order to address the gap in process sensor monitoring, I am working with a group to develop revolutionary sensor technology at the physics level that will provide the unique identity of the individual sensors (address counterfeits), the integrity of the measurement including identifying sensor drift (process safety, reliability, product quality, and predictive maintenance), and the origin of the measurement (cyber security and process safety). I will have more to say on this later.

It is incredible that the cyber security, equipment monitoring, and process controls and safety communities continue to erroneously assume the sensor measurement is uncompromised, authenticated, and correct. I hope that the new initiative by Dragos helps the OT community understand and address what’s too often been overlooked.

Joe Weiss

Sponsored Recommendations

2024 Industry Trends | Oil & Gas

We sit down with our Industry Marketing Manager, Mark Thomas to find out what is trending in Oil & Gas in 2024. Not only that, but we discuss how Endress+Hau...

Level Measurement in Water and Waste Water Lift Stations

Condensation, build up, obstructions and silt can cause difficulties in making reliable level measurements in lift station wet wells. New trends in low cost radar units solve ...

Temperature Transmitters | The Perfect Fit for Your Measuring Point

Our video introduces you to the three most important selection criteria to help you choose the right temperature transmitter for your application. We also ta...

2024 Industry Trends | Gas & LNG

We sit down with our Industry Marketing Manager, Cesar Martinez, to find out what is trending in Gas & LNG in 2024. Not only that, but we discuss how Endress...