(161b) Automation Cybersecurity in the Chemical Industry: Connectivity’s Double-Edged Sword

Today’s automation systems are much more highly connected than they were at the start of this millennium. Advances is technology, the cost of computing and the speed of communication in just the last seven years have brought industries higher performance, optimization, visibility, advanced system diagnostics with high reliability and availability fault tolerance, analytics and production yields that unquestionably have revolutionized all industry sectors. Convergence of site automation system technologies and traditional enterprise IT systems have become more prevalent and provide opportunities such as the remote mobile worker, integration into MES and ERP systems and remote access for troubleshooting and support. This is the one side of the blade most sought after.

The flip side to these efforts and strategies has also brought untraditional risk to these systems. Risks with low likelihood and questionably low to mid impact are no longer the case as integrated control and safety critical systems have indirect enterprise network connection into one digital ecosystem vastly connected to the public internet.

This is the side of the blade that can and has cut deep. Cyber actors using flaws in software lack of security controls and public connectivity to enterprise IT systems have and will continue to leverage victims’ networks and systems for nefarious means whether that is ransomware, tampering and manipulation or denial of service and view.

This talk will cover strategies, standards, and good engineering practice that asset owner operators, integrators and vendor delivery service groups should be doing. Also, a walk through recent cyber intrusions and impacts analysis.