A successful cyber attack on a plant’s Industrial Control Systems (ICS) can be catastrophic
Unlike traditional data attacks, a compromised ICS can impact a plant’s physical operations, causing significant financial and reputational risk, and potentially even threatening lives. As an international engineering and consulting company, with cyber security centres of excellence in Finland and Switzerland, Pöyry is drawing on a deep knowledge of Industrial Plant Automation, Process Engineering and IT Security to advise businesses on the most resilient cyber security programmes.
With The Internet of Things driving greater connection between hardware and software, plants are becoming more vulnerable to the type of cyber attacks that quickly overcome all aspects of operations. Cyber security can no longer be categorised solely as an IT issue. Scenarios such as the cyber attack on Ukrainian sub-stations in December 2015, during which 200,000 people lost their electricity supply, demonstrate that whilst data can be restored or replaced, the impact of physical damage is far more difficult to repair.
The threat of a cyber attack is ever present – a recent study found that “78 percent of security officials were expecting a successful attack on their ICS/ SCADA systems within the next two years” – and the scope is truly global. Every region – and every industry operating within them – is at risk from an attack from a range of different actors, including organised criminal groups and professional hackers attempting to increase their online reputations.
Jonni Talsi, Chief Engineer for Cyber Security at Pöyry said “At Pöyry we want to help ensure that industrial plants are fully prepared to defend against a potential cyber attack. The most important factor for a resilient plant is the ability to contain the damage in a small area and to respond and recover to the normal operation as fast as possible after a cyber incidence has occurred. We provide a range of ICS cyber security services, each customised for a specific plant’s unique requirements, based on the latest international cyber security standards and best practice. Increasing plant personnel cyber awareness through training is one service that Pöyry offers. Other activities include designing, assessing and supervising the implementation of ICS cyber security programs to both operational and greenfield facilities.”
Although regulations are improving, it remains the responsibility of individual companies to take ownership of their plant cyber security and provide protection if they are to stay ahead of the attackers. However, companies are currently failing to embrace the holistic approach that is required, instead relying on traditional IT solutions and standards. Pöyry is advocating a full security audit service, covering all engineering disciplines, instead of mere IT/software based focus. The audit allows Pöyry to provide plant owners with risk based planning services for security and to specify the required emergency response from the plant processes and systems.