Has lockdown caused the cyber security issues of the 2020’s?
Long long ago…
I remember with fondness the call outs to DCS systems with having issues. Many hours joining the night shift of a chemical high hazard facility trying to resolve whichever issue had reared it’s ugly head on this particular shift. This was in the late 1990’s and early 2000's.
One thing that we had was vendor supported ‘remote dial in’. Now this was a challenge as we needed to have phone line extensions which were long enough to reach the phone socket. The policies for connecting to the OT network where new as we didn’t allow dial in until we had new DCS systems that ran on windows (yes I am that old). Dial-in modems and all the noise that went with that. (Interestingly RadioX this morning shared the news that dial-in was being discontinued today! I didn’t know anyone was still using it.) Any request from help meant that we (the System Engineers) plugged the wire in and watched everything being done by the engineer dialling in.
So why do I think that lockdown has changed things?
Before lockdown there was more and more demand for remote dial in to systems so that we didn’t need to go to control rooms to see what was going on. The tack was it was to not distract the operators, but it was more that people could optimise tasks with less leaving of the office whilst completing other tasks.
Subscribe to PII and receive:
Our long-established bi-monthly digital magazine *Process Industry Informer*, featuring exclusive articles, news and updates across the Process Industries, plus commentary from our three industry experts:
Sean Moran
Gavin Smith
Dave Green
PLUS:
- Process Industry Update — our weekly e-newsletter
- PII Podcast
- Special messages from our advertising partners
Now, when lockdown came, I had been in consultancy for 5 years and the summer was great. I was roasting to death working in the conservatory. The studies I was leading on video conferencing tools meant that we could continue the studies, few of the clients in the facilities and some with access to systems to confirm information.
I am now not suggesting that anyone did anything wrong, but it often comes across my mind whether the same rigour was applied during this crisis for granting remote access to systems, as if everyone was working in the facility. Logging in from the desk on an internal intranet.
Lockdown came and went (eventually) it has now become the normal for support to be remote, vendors and staff working from home. Have these been reflected in the security risk assessments? Company systems, IT / OT / Safety Systems etc.
With even more attacks being reported in the news this should be a reminder to check what you have in place for those accessing the systems – Do you know who is accessing when and what are they doing?
I would think that actions should be landing in the Security people’s inboxes to check that you are as robust as you can be to not be the next target.
Closing remarks…..
Make time to review the security arrangements for accessing your systems. This should include the procedures, risk assessments, software updates / bug fixes and equipment. Third-parties are becoming more sophisticated purely for the chance of disrupting your business. If you aren’t keeping on top of this then you might be the next news story.
