Instrumentation Cybersecurity Lessons Learned From the Field

Jeff_Blair · ‎2020-09-10

As a hopeful helpful reminder and conversation starter, I'm interested in what end users are doing to ensure the cybersecurity of their traditional wired instrumentation. Needless to say, hacking into an instrument and changing the configuration may bring undesired results. My experience has been preventing physical tampering with instrumentation and associated wiring as a cybersecurity measure. Here are some of the lessons learned:

If the instrument has a display or configurable pushbuttons, ensure a security code is enabled and different from the default.
Provide physical hardening of the instrument including (but not limited to) using instrumentation enclosures and cabinets.
If available, install physical locks on the instrument display cover to limit tampering.
Most instrumentation can be configured remotely from the wiring. Ensure instrumentation wiring is secure in a cable tray or conduit and is not easily accessible.

bipinzacharia · ‎2020-09-11

Hi,

By adding the feature, I have few queries on the cyber security

a)what level of security is achieved?

b) Are we adhering to any standard? If Yes, which standard and version of the same?

rhbbatista · ‎2020-09-14

https://blog.se.com/cyber-security/2020/08/19/ot-cybersecurity-for-industrial-sensors-the-why-and-th...

An interesting article that is pertinent to the subject raised, and warns of the lack of attention with issues related to cyber security referenets to sensors (instrumentation included).
And I think an important warning to the new protocols based on ethernet that are emerging for instrumentation.

"While most traditional OT cybersecurity efforts are focused more on critical SCADA systems, PLCs, and other ethernet-linked devices, sensors are often ignored, even those that are ethernet connected. Yet sensors provide the data from which many control-based decisions are made, and thus, also should fall under the critical assets category for representing the process."

Notice that the article was republished on the ISA blog: https://gca.isa.org/blog/ot-cybersecurity-for-industrial-sensors-the-why-and-the-how?utm_campaign=bl...

This raises an interesting question: Will the choice of instrumentation communication protocols impact on the level of security of the plant and its costs with protection (cyber security)?

How may I help with Instrumentation?

Jeff_Blair · ‎2020-09-14

Thanks for the feedback and inquiry. To my knowledge, there is no specific code, standard, or recommendation that specifically addresses instrumentation cybersecurity. ISA 62443 addresses the entire automation system including devices but there isn't much in there for instrumentation - it's recommendations are written around control systems, PLCs, DCSs, etc.

Some end users have adopted best practices and/or internal company standards and specifications that are similar to what I wrote, but nothing that's in the public domain that I'm aware of.

The US relies on the National Cybersecurity and Communications Integration Center (NCCIC), the Industrial Control Systems Cyber Emergency Response Team’s (ICS-CERT)

and National Institute to Standards and Technology (NIST). All three organizations have great cooperative recommendations. With all three I see great recommendations for control systems and computer networks, but not much regarding the actual field devices.

To answer your questions:

1. None that I am aware of. However, the physical security of instrumentation prevents tampering from would be nefarious personnel or curious tinkerers. That lack of tampering helps keep the instrument and it's connected control system secure.

2. I'm going to assume that the practices I listed certainly help towards compliance with ISA 62443 and certainly agree with the published guidance issued by NCCIC, ICS-CERT and NIST. But, no, I'm not aware of any specific standard met by these lessons.

Jeff_Blair · ‎2020-09-14

Thanks Ricardo. That article by Michael Pyle is enlightening and spot on. I agree with all your points.

My cybersecurity experience is primarily the physical security of instrumentation to prevent any tampering. Imagine tampering with an instrument that is not protected (it's in the open, not in a cabinet, and has a display with pushbuttons and no password). A curious passerby or someone trying to deliberately change the configuration may be able to show a gas line pressure is actually much lower than what it really is. The control system now thinks the pressure is low so perhaps it allows an increase in pressure - which would be very dangerous.

Protocols play a role for sure. As protocols become more like what most home computer users are used to (i.e. ethernet), we as vendors and product managers play a more critical role in helping customers learn from our collective knowledge and experience how to keep their systems safe.

I believe a standard or code will come forward in the not too distant future to address these concerns.

bipinzacharia · ‎2020-09-14

Thanks Jeff & Ricardo,

Beahan · ‎2020-11-21

Thanks for the information, keep sharing this type of info

Invite a Co-worker

Invitation Sent