Outage and asset damage triggered by malicious manipulation of the control system in process plants

Abstract

Abstract Intentional acts consisting in remote (cyber) or physical manipulations of the BPCS (Basic Process Control System) and the SIS (Safety Instrumented System) of a process plant may result in severe consequences for the affected industrial facilities. Interruption of productivity, with or without asset damages, generally results in huge economic losses and, at times, in damages to reputation, people and the environment. Despite the existence of several international standards aimed at the assessment and management of cybersecurity of IT (Information Technology) and OT (Operational Technology) systems of a facility, only few contributions are present in the literature addressing the concrete connection between malicious manipulations of the BPCS and SIS systems and the impacts on the physical process system that can be initiated. In this panorama, the present work fills this gap by developing a systematic qualitative methodology supporting the identification of possible security events affecting the operability and/or system integrity of a process plant, of the malicious manipulations by which they may be initiated, and of the existing safeguards in place. The results can be used within the standard procedure for cyber risk management of the IT-OT system (e.g. ISA/IEC 62443), to support the identification of protection requirements and countermeasures. The methodology is complementary to current safety and security assessments and is intended for application to front-end design phase as well as to the security review of operating plants. The methodology was applied to a case study (an offshore Oil&Gas compression plant) to demonstrate the potential of the methodology and the results obtained.