In 2017, a Middle Eastern petrochemical facility had the unfortunate distinction of being the first known victim of malware specifically targeted at process safety systems. Thanks to TRITON, the oil and gas industry became ground zero for the convergence of safety-instrumented-system process safety and inductrial-control-system (ICS) cybersecurity. Suddenly, the relatively obscure world of process safety systems, which had never seriously been considered a cyber vulnerability, was in the spotlight.
Process safety systems are designed to be safe but not necessarily cyber-secure. The oil and gas industry, from upstream applications, such as oilfields and offshore platforms, to downstream applications, such as refining and petrochemicals, have the largest installed base of process safety systems by a wide margin and thus are most at risk.
The TRITON/TRISIS/HatMan malware incident proved that the worlds of process safety and industrial control systems should be looked at holistically, not just from the standpoint of potential cyberthreats. This requires a unified approach to monitoring control system and process safety assets and applying the large body of knowledge that exists in the process safety domain to the world of ICS cybersecurity.
In the Land of Undocumented Devices
Process safety systems are often the last line of defense between an abnormal situation in a refinery or petrochemical plant and a plant incident. Plant incidents can range from the relatively minor to large-scale explosions and fires that have claimed hundreds of lives at process plants and their surrounding communities. In the event of an abnormal situation, the safety system trips and either shuts down the plant or brings it to an otherwise safe state.
The cybersecurity community frequently refers to process safety controllers as “undocumented devices” because they typically exist separately from the more common industrial control or distributed control systems that handle the bulk of plant control applications.
Process safety systems aren’t the only systems that fall under this category. There are untold numbers of installed compressor control systems, burner management systems, storage terminal automation systems, and other ancillary systems that exist outside the realm of higher profile ICS systems. All of these control critical applications in industrial plants but have not received much attention when it comes to cybersecurity.