1660343013281 Timmirth300x300

Four common challenges to managing and mitigating DCS cybersecurity risk

Sept. 24, 2021

Cybersecurity for a process system can affect multiple systems and (perhaps most importantly) people.

Rockwell Automation's Tim Mirth

As plants become more interconnected and dependent on the internet, vulnerabilities increase and risks can compound. Manufacturers and producers alike are increasingly encountering cybe- threats, particularly ransomware and data breaches, and more than half of respondents to a recent survey reported facing a data breach in the year prior.

At a plant, an attack could mean lost product, unscheduled downtime, worker safety issues, losses of confidential and/or proprietary information, and typically negative consequences to the company’s public image. We all know this. To help mitigate risk, producers need to identify potential risks, understand their vulnerabilities and prioritize mitigation tactics.

When it comes to a distributed control system (DCS), plant managers and engineers understand that cybersecurity is essential. But creating strong passwords and implementing software updates and patches isn’t enough. Cybersecurity for a process system can affect multiple systems or areas of an operation, including—but not limited to—controllers, networking, HMIs, advanced analytics and (perhaps most importantly) people.

Securing a system can seem daunting, but there are generally accepted countermeasures that will improve your security posture. The ever-increasing connectivity of automated plants provides unprecedented visibility into systems, resulting in advanced analytics and data that can help improve processes, create efficiencies and increase profitability. But that connectivity can leave systems exposed and vulnerable to threats.

If you are exploring cybersecurity-related improvements, make sure you remain aware of these four common challenges.

1. Open systems

Threats and bad actors are out there—just ask the industrial and energy-producing facilities targeted by the Stuxnet malware attack on PLCs in 2009. When the Stuxnet computer worm struck, it spread easily throughout control systems and highlighted just how open those systems were.

Open protocol networks are a well-known part of distributed-control systems and are considered a significant benefit. But producers may be left more vulnerable by the risk associated with online, connected control systems. To help mitigate threats and keep critical assets segmented from most vulnerable areas, consider the Zone and Conduit models. These models can also help keep open networks from being exposed to the easy avenues of attack.

2. Legacy equipment 

In larger plants, you may not even know that your network still has an obsolete operating system on it. Every plant has equipment of varying vintages, and many manufacturers take a piecemeal approach to upgrading their system.

These older machines, especially if they have not been updated in many years, are potential entry points for viruses, worms and hackers. A risk assessment can help expose a vulnerability and develop a strategy to mitigate it. Replacement is critical, but if it is not possible, some protection can be gained with network segmentation building layers of defense.

3. Evolving employee workforce 

Turnover—whether from vendors, external partners, internally or system integrators in particular—can be extremely high and pose a significant challenge to maintaining effective security. The people who have access to your plant and systems are essential to managing the safety of your overall cybersecurity.

Breaches can be caused by innocent mistakes as well as those with nefarious intentions. As you assess your security, be sure to ask yourself these questions:

  • Do you know who manages user accounts and system access for your company?
  • Are there any accounts that have remained active but unused for years? 

Adhering to international standards and managing your users as part of a cybersecurity strategy can also help mitigate risk.

4. Unknown ROI 

With any risk mitigation initiative, it’s less about how much profit is on the line than it is what could be lost by not upgrading an essential system.

A risk assessment can address vulnerabilities and mitigation strategies that allow producers to understand their current threat level across the system. This information requires them to  determine what their risk posture is and what plans are needed to implement changes to meet that risk posture. Determine your risk posture and protect your most vital assets—even in the face of economic or business challenges there are mitigation strategies that can be accomplished using inexpensive and simple measures.

Find a trusted partner to help you navigate cybersecurity

If you’re like many producers, you may not realize the true breadth of the threat landscape. To protect a system, you need to have an accurate inventory of all the pieces and interfaces that make up the system and understand any vulnerabilities they have. A risk assessment led by a trusted third-party partner can make a huge difference.

Trusted partners can help you develop a plan that takes into account not just the IT/data management side of things—computing, software and hardware—but also OT and cybersecurity. OT systems, like a DCS, control the physical aspects of the plant and have special requirements beyond typical IT security measures.

If you’re considering updates to your process-operation system to upgrade your cybersecurity risk mitigation, talk with a trusted partner to learn how a modern DCS can help. 

Tim Mirth is Rockwell Automation’s PlantPAx platform leader