Process automation in industrial and supply chain applications is leaving the door open for cyber crime, making it of paramount importance that system integrators take precautions to ensure the security of their connected networks.
This is the main message of a recent whitepaper published by CSA Group. The paper, “Protecting connected devices against cyber attack”, was written by Matt Jakuc, CSA Group’s product group manager and cybersecurity technical lead.
The Internet of Things (IoT) and Industrial Internet of Things (IIoT), with their vastly interconnected networks of devices both large and small, are potentially high value targets for cyber criminals who seek to disrupt and destroy supply chains. The report asserts that to thwart malicious attacks functional safety verification is vital for equipment that is responsive to inputs from an operator, either human or machine to be secured.
“A cyber attack on the integrity of a controller can jeopardize the functional safety of a device or control system in an open network architecture,” the whitepaper says.
Three potential hacks need to be prevented, it continues, jamming of a device and its safety functions, hijacking to make a device appear to be functioning properly, and hijacking to trigger safety alarms when none is required, thus forcing the system to react.
“If the manipulation seriously abuses the system it can damage equipment and potentially endanger lives. Even if the compromised device or system can still perform its safety function, it could be rendered inaccessible or raise false alarms that require service attention,” the paper notes.
To prevent these possibilities, the report recommends that all connected devices be tested and certified against established protocols.
While these threats exist, the paper notes that the benefits of IIoT applications outweigh the perils, and make the introduction of security measures worthwhile. However, failure to take proper security measures can result in loss of data, interruption of operations, revenue losses, unplanned recovery costs, liability for negligence and reputational losses.
“A cybersecurity breach poses no greater threat than the loss of functional safety, which can place workers, residents and communities at risk of injury or even death, while also threatening property and the environment,” the paper warns.