The steps for assessing cyber-risk in nuclear plants
Malware in standard Information Technology (IT) systems is, at most, disruptive but not generally life threatening. However, what happens when this malware is transmitted to thousands of sensors in a nuclear plant, causing a major incident and putting people, assets and the environment at risk? Here Gareth Powell, systems integration manager at industrial control systems specialist Delkia, explains how cybersecurity affects functional safety and why certain defensive measures are needed to ensure a system’s integrity.
Stuxnet and Industroyer are two examples of malware attacks in recent years that targeted the industrial control systems of two facilities. In both cases, the malware was used to compromise SCADA, PLC or DCS systems with the intent to cause catastrophic failure. In the first case attackers targeted the centrifuges in Iran’s nuclear programme. The Stuxnet malware altered the PLC programming, resulting in Iran’s nuclear centrifuges spinning too quickly and for too long. This caused irreparable damage to delicate equipment. In the second example, the electrical substations in the Ukrainian capital, Kiev were hacked, leaving 230,000 residents without electricity for up to six hours.
Engineers now need to be cognisant of how they design systems and maintain procedures, policies and behaviours so industries are not blind to extra risks. These risks are multiplied as mission-critical businesses increasingly adopt wireless technologies, use offsite data centres and trial technologies such as drones.
Cyber-threats need to be considered at every stage of the functional safety lifecycle. During the design stage, it’s important that engineers eliminate blind spots by clearly identifying each element of the control system as well as the security breaches that are likely to occur and how to tackle these.
Plant managers should carry out cyber-risk assessments of their operational technology (OT) systems to identify additional security measures that may be required. Following the security standard IEC 62443, this involves picking holes in the work protocols, countermeasures and employee behaviours, as well as the technology comprising the control system itself, to ensure full functional safety. Often after installing a system, penetration testing is carried out to check its robustness and integrity before it is installed in a facility.
After installation, physical security measures can be put in place to ensure cybersecurity. This could be as simple as managing user permissions or installing the latest hardware, software or firewalls to continuously monitor cyber-threats. Firewalls are most effective when only specific users can access the system, and when any ports that are not needed to support the control system connections outside the corporate LAN are blocked.
Importance of data monitoring
Logging, monitoring and analysing your data via a Process Control System (PCS) is also a critical step to ensure cyber-security because it enables businesses to detect malicious activity. Because not all sensors and equipment produce security logs, it’s vital to focus efforts on the instrumentation in the path of an intruder that can give you data.
Being able to monitor data in real-time is also important for operators responding quickly to potential threats to functional security. If a cyber-threat is detected early enough, and the relevant personnel are informed immediately through Human Machine Interfaces (HMIs) connected to the PCS, action can be taken to prevent costly damage. For a nuclear power plant, subversion of a system could result in the dismantling of safety-critical measures. To this end, it is vital action is taken quickly.
Supply chain security
According to the National Cyber Security Centre (NCSC), one of the most important steps in protecting your control system against cyber-attacks is collaborating with suppliers and partners.
With the right partnerships in place, companies can pick holes in a system’s cybersecurity from the get-go, reducing downstream time, effort and costs. What you want to avoid however, is over-thinking hypothetical threats, which may lead to over-complex, costly control systems.
With the right team of cybersecurity experts and systems integration engineers, Delkia is well positioned to advise, deploy or support on functional safety practices affected by cyber-threats. This includes undertaking risk and vulnerability assessments, installing antivirus software, firewalls, intrusion detection systems and alert logging and monitoring capabilities.
What’s more, Delkia’s team of certified functional safety practitioners can advise at the early stages of the design. This is more time and cost effective than trying to retrofit functional safety management requirements at the later stages of implementation.
By aligning cybersecurity and functional safety together, the nuclear industry can benefit from cost-effective and intrinsically safe control systems. For more information on how Delkia is positioned to provide you with the latest cyber support, visit www.delkia.co.uk/cyber-security or contact one of our engineers on +44 (0)1946 812288.