Written By Friedhelm Best, Vice President APAC, HIMA.
Process safety is seen as high priority in nearly all industries, including chemical and pharmaceutical, rail, and energy sectors. Now, industrial plants, rail and energy facilities face new challenges as interconnected systems, including to the Internet and the cloud.
As industrial automation grows rapidly, attackers can exploit any weakness in security, potentially putting plants and facilities at risk of serious damages, including financial losses and even human casualties. New industrial cybersecurity threats and vulnerabilities are surfacing as hackers manipulate, control, and destroy plants remotely, mostly untraceable and hidden from detection. Although industrial businesses may have cutting-edge technologies overall, one of the pitfalls are that industrial plants may not be updated with the latest security patches, unlike smartphones or desktop computers.
Since 2021, cybersecurity researchers have reported that the highly connected Asia is rising to the surface as a the prime target for cyberattacks. Recently, Toyota, the world’s largest automaker, had to pause production in 14 plants after a ransomware attack hit one of their suppliers Kojima Industries.
Cyberattacks affects the entire Asia as much as the rest of the world.
SECURITY THREATS ON PLANTS CAN BE DETRIMENTAL
As the threat of cyberattacks grows, information security and plant safety are at risk. While process safety is often the top priority, cyber resilience and cyber readiness are relatively nascent. Manufacturers, plant operators, and system integrators may neglect how cyberattacks can inflict detrimental outcomes. Cyber attackers can target employees to steal industry secrets, personal information, disrupt production processes, or even tamper with key safety controllers along process lines to cause emergencies.
Industrial plants are only completely safe when both functional safety and cybersecurity are implemented. Employees and the work environment must be protected from the dangers that industrial plants present. On the other hand, IT security is required to secure the plants against cyberattacks and external manipulation, preventing industrial espionage, and interference with line processes. Plant operators need to be aware of potential risks and explore solutions to address such risks.
ADHERING TO SAFETY AND CYBERSECURITY STANDARDS
Plant operators and system integrators have to consider cybersecurity from the outset instead of implementing it retrospectively. Therefore, international standards demand that process controls and safety systems be adhered to separately. Protection from cyberattacks and reliable emergency shutdown systems should be included in safety-centred automation systems. This is specified in IEC 61511 for functional safety in the process industry, and IEC 62443 for cybersecurity.
IEC 61511 STANDARD FOR FUNCTIONAL SAFETY
The IEC 61511 standard is tailored for the process industry, building on the basic functional safety standard. The standard sets the minimal requirements for safety-related systems and describe how electronic devices must be used. Furthermore, they define the safety lifecycle for plants. The standard also requires that risks are analysed and the safety integrity level (SIL) is determined. A safety controller that runs error-free is required especially in situations where potential risks are extremely high. The HIMA Planar4 system complies with the current standards and is hardwired, making it more resistant to all kinds of errors and cyberattacks.
IEC 62443 STANDARDS FOR IT SECURITY
The most important international guidelines for cybersecurity are defined in the IEC 62443 standard. One of the requirements set out is the separation of the protection levels of process control systems from safety systems. A facility or plant must be continuously operational as any interruption can result in significant costs or worse. The HIMax safety solution complies with the most rigorous safety standards, including IEC 62443, to prevent failures, while operating the plants as economically as possible. A separated network levels with defined transitions protect operations against cyberattacks in important areas including hardware, operating systems, networks, and engineering.
Achieving 100 percent safety and security in industrial plants will always be a challenge. But plant operators have realised the importance of implementing solutions that conform to the relevant international standards to achieve maximum functional safety and automation security. While maintaining and constantly refining security may pose a challenge to plant operators, there are now many avenues to draw on services of experienced safety and security experts to implement effective approaches.