Professional Documents
Culture Documents
Page 1 of 2
Keywords: [cyber attacks] [control systems] [process control] [cyber security] [hackers] [automation] [software] [virus]
Under recent economic conditions, it is understandable that a control-system cyber-security audit is not the top priority for many plant operators. Less staff due to layoffs and deferred
maintenance can present a clear, tangible threat to operations. Too often, the imaginary hacker, discussed in many papers and blogs, is often considered as a non-credible threat. No matter how
many blogs, magazine articles and white papers are written, a real credible threat to a refinery or petrochemical facility from some vague person or organization seems imaginary to those
controlling plant budgets.
Defensive actions.
Fortunately, a number of very practical defense techniques have also been published. The ISA SP99 zone and conduit concepts, combined with a systems-level audit, is a simple and effective
technique that provides some protection. Some control-system vendors are upgrading their software to meet requirements of the ISA Security Compliance Institute for embedded systems. That
will provide more layers of protection.
Although we have much to learn about cyber-security protection, I believe that some protection is a whole lot better than none. I am reminded about an old story. Two hikers were out in the
woods when they suddenly encountered a grizzly bear. The bear spots them and rises up on its hind legs and roars. The first hiker yelled, Im sure glad I wore my running shoes today. The
second hiker replied, It doesnt matter what kind of shoes youre wearing; you are not going to outrun that bear. I dont have to outrun the bear, I just have to outrun YOU, the first hiker
answers back.
I can imagine a hacker trolling the Internet looking for vulnerable control systems. Systems that are easier to hack are the most likely targets. So, I am thinking that the basic, cost-effective cyber
security measures are good prevention options, at least for now. The best policy is to outrun other control systems and, hopefully, avoid being cyber attacked. HP
The author
William Goble is a principal partner of exida.com, a company that does consulting, training and support for safety-critical and high-availability process automation. He has over 25 years of
experience in automation systems, doing analog and digital circuit design, software development, engineering management and marketing. Dr. Goble is the author of the ISA book Control
Systems Safety Evaluation and Reliability. He is a fellow member of ISA and a member of ISAs SP84 committee on safety systems. Dr. Goble can be reached by e-mail at: wgoble@exida.com.
Please read our Term and Conditions and Privacy Policy before using the site. All material subject to strictly enforced copyright laws.
2011 Hydrocarbon Processing. 2011 Gulf Publishing Company.
http://www.hydrocarbonprocessing.com/Article/3005012/Search/The-imaginary-hacker.ht...
1/27/2013
http://www.hydrocarbonprocessing.com/Article/3005012/Search/The-imaginary-hacker.ht...
Page 2 of 2
1/27/2013