Friday, June 1, 2018

Midstream Cybersecurity Risks By James McGlone Of Kenexis

What happens if a hacker takes control remotely of a pump station and spoofs the pressure indicator, so the logic controller can’t shut-down the booster pump, and then closes a discharge valve – blocking the pump in and over-pressuring the downstream piping? ICS-Service.png When you are focused on designing safety requirements for industry, it is very hard to ignore the alarms being raised regarding cybersecurity. Especially in the case of where operators loose of control of a process. Whether you are working in the Marcellus, Utica, Permian or Eagle Ford shale plays, this is important to you. We know this has happened in industrial applications and it has resulted in catastrophic problems. We know that the logic controller in safety integrated systems (SIS) have been attacked. Basically, we can’t trust our safety systems, the hacker can override the operator’s actions, and indications can be spoofed. This may sound like a worst-case scenario out of a movie, but it is exactly what has already occurred. Recently, the oil and natural gas industry was shocked to discover that a very good SIS was hacked. We encourage operators in the major shale plays, Marcellus, Utica, Permian and Eagle Ford, to be aware of this. As if hacking the SIS isn’t bad enough, operators of the Ukraine power grid had a surprise one day when they lost complete control of their grid. At one point in the article referenced the operator watched the mouse cursor start moving on its own and disconnected a substation, all while the operator tried to seize control to no avail. We know how that ended. But, I want to get back to minimizing the risks, so a hack becomes an inconvenient problem and we can recover. Hazards of Operability Studies (HAZOP) and engineering studies like Layer of Protection Analysis (LOPA) and Quantitative Risk Analysis (QRA), are designed to identify initiating events and potential outcomes associated with operating a process and then calculate the risk to people, environment and assets. By looking at the cybersecurity problem from a process safety perspective, we can reduce the infinite potential outcomes and attack vectors allowing us to focus on significant scenarios and design systems so an attacker with complete control of a process can only mess it up, not blow it up. Returning to that hacker attack on your pump station… If the plant was designed properly, the result of the attack will be a minor business interruption while the control system is reset, and the pump restarted. If the plant was not designed properly, the result could be rupture of the pump discharge piping, fire, and explosion with potential impact to personnel in the area, environmental damage due to spilled materials, massive equipment damage, and a prolonged business interruption. Oil and natural gas pipeline operators in the Marcellus, Utica, Permian and Eagle Ford must be constantly vigilant of these hacker attacks. The oil and gas industry can prevent these hacker problems with proper design and planning. James McGlone, Kenexis www.kenexis.com

https://www.shaledirectories.com/blog/midstream-cybersecurity-risks-by-james-mcglone-of-kenexis/

No comments:

Post a Comment