Home / Services / Business Process Integration / Industrial CyberSecurity

Industrial CyberSecurity

Andritz Automation Limited and the Group for Advanced Information Technology (GAIT) at the British Columbia Institute of Technology have joined forces to reduce the vulnerability of plant process control systems to unintended and malicious intrusions. Controls system intrusions have caused:

• Environmental damage
• Safety risks
• Poor quality
• Lost production

Our proven audit process, hardware testing capability and database of incidents, problems and solutions allow us to thoroughly assess and reduce the risk of intrusions.

Both GAIT and Universal Dynamics have been addressing process network cybersecurity issues since 1999 and are continuing to build an ever-expanding database of incidents and solutions. GAIT built a special Internet Engineering Laboratory to simulate the network traffic of a large industrial facility. It is uniquely designed to be able to test process control system components and associated networks for security breaches. Andritz Automation is an advanced process and controls software and engineering company that has been providing industry with "technology to improve productivity" since 1965.

Intrusions do not need malicious intent to create safety and environmental risk:

• Entry of the wrong IP address for a new printer caused the shutdown of a PLC in a major industrial facility, resulting in lost and off-grade production.
• An in-house security probe, lacking appropriate system process knowledge, inadvertently shuts down the control system.

WHAT WE KNOW

Andritz Automation and GAIT are experts in process control system security, design, installation, operation and maintenance. Recent projects have identified:

• Gaps between present and best process security design practices
• Security policies inappropriate for process control networks
• Unintended process system access through vendor monitoring systems
• Easy access to firmware configurations
• Lack of physical security for key process network hardware

Testing at GAIT and Andritz Automation has shown that control systems such as Programmable Logic Controllers and Distributed Control Systems can be shut down by unauthorized internal and external intrusions from anywhere in the world. These can be catastrophic events as in some cases the Emergency Shut Down (ESD) procedures programmed into the control systems may fail to execute. ESDs are designed to ensure a "fail safe" control system shutdown under all conditions.

With both commercial and industrial systems taking advantage of the flexibility of new technologies, there is a proliferation of devices, both wired and wireless, using Internet Protocol (IP) addresses. This is certainly convenient but we have documented unintended and malicious intrusions causing safety risks, lost and off-grade production, and environmental damage.

Now that the threat and consequences of control system intrusions have been identified by various government agencies, due diligence is required. We can reduce your vulnerability to unintended and malicious control system intrusions.

• Audit Control System Security
• Security Policy Development
• Network Architecture Development
• Intrusion Detection Systems
• Security Policy Exception Tracking
• Incident Response Plans
• Penetration Tests