Intelligent automated industrial process control, enabled by IR 4.0 technology, requires increased system integration and connectedness. With such development comes a heightened risk of cyberattack for operational technology (OT) systems, including industrial control systems (ICS) and industrial automation and control systems, historically shielded from cyberspace. Cyberattacks on OT systems can also impact the physical world. The recent attack on the US Colonial Pipeline interrupted delivery of oil along the US West Coast for several days, resulting in a declaration of a state of emergency, while the Ukraine power grid attacks interrupted electrical power supply in Kyiv, impacting thousands of consumers. In 2021, an Equinor-operated platform on the Norwegian Continental Shelf was hit by malware. The incident had the potential to affect the drilling control system (DCS).
For ICS, the concern is ensuring a safe process, as opposed to the more traditional concern with data protection for information technology (IT) system management. To ensure safe implementation of advanced industrial systems control while avoiding unnecessary operational downtime, there is a need for cybersecurity solutions that account for risk for the whole cyberphysical system (CPS), including the ICS, the work environment, the product, and the physical surroundings. Diagnostic models and methods must therefore be developed that cover the functionality of the whole CPS. Further, to account for process dynamics and evolving cyberattack threats, adaptability is required with respect to both process state and new types of attacks. For this purpose, knowledge-based awareness monitoring combined with existing cyberattack detection tools for ICS, known as ICS intrusion detection systems, is proposed, providing an element of artificial intelligence.
Results from studies in a DCS environment indicate that existing monitoring applications can be used to detect and discern between different types of cyberattacks on CPSs. This indicates feasibility with respect to monitoring the control and IT components of the ICS system for building risk-based cybersecurity decision support solutions.
The key challenge and novelty of the proposed approach is to extend the capability of cybermonitoring in systems control to automated evaluation of process risk, including risk to the physical environment. Such capability will enable appropriate decision support with respect to both process risk and operational downtime.
This abstract is taken from paper SPE 217430 by S.H. Houmb, NTNU; F. Iversen and R. Ewald, NORCE; and E. Færaas, Equinor ASA. The paper has been peer reviewed and is published in the SPE Journal, available as Open Access on OnePetro.