Skip to main content

OT/ICS Cybersecurity

The Control System Engineer's Guide to Improved Safety, Reliability, and Productivity – Introduction (Part 1 of 4)

Introduction

Process safety, cybersecurity  and abnormal situations continue to be the most pressing concerns on the minds of plant personnel and executives in power, oil and gas, and processing industries. Threats of malicious cyber-attacks  as well as vulnerabilities resulting from ever-increasing complexity and interdependency of automation systems have created untenable conditions that require innovative solutions. Investments in plant reliability improvement over the last three decades have delivered unprecedented results in extending the life of physical assets. Asset management solutions such as Reliability Centered Maintenance and Risk Based Inspection have enabled plants to extend the periods between plant turnarounds from eighteen months to forty-eight months, on average. In fact, every successful industrial operation today includes a comprehensive asset reliability program with a high degree of visibility throughout the organization.

Meanwhile, complex and highly integrated automation systems that are at the heart of plant production and the window through which operators run the plant remain largely unmanaged at most industrial plants. Automation assets are often the most vulnerable and a prime target of cyberattacks. The documentation for most automation systems is out of date. They are the primary platform for continuous improvement, exposing them to weekly configuration changes and opportunities for introducing configuration defects. And most importantly, configuration changes in automation systems at most companies is generally exempt from the rigorous management of change (MOC) processes that are required for physical assets such as valves and pumps.

Best-in-class companies are recognizing the threats and vulnerabilities associated with the lack of proper management of automation assets. To that end, the industry is rapidly deploying technologies and work processes to ensure the integrity and ongoing availability of mission critical automation assets. 

Automation Asset Management (AAM), which may also be referred to as Industrial Control System (ICS) Configuration Management, is to control systems and PLCs as physical asset management is to pumps and compressors. It includes specialized software technology to facilitate a proven work process for the personnel responsible for ensuring that the AAM program is successfully deployed and maintained throughout the plant's lifecycle. 

An effective AAM software technology must facilitate the necessary functions to automatically generate an inventory of the automation endpoints for both open and proprietary systems and their associated operating systems, software applications, patches, and other components. It must also provide automatic documentation and integrated visualization of the complex configuration within and among automation assets. It must facilitate work processes for an effective management-of-change (MOC) program and maintain a history of all configuration changes. Automated configuration integrity checks and code defect detection capabilities are essential in an effective AAM solution. Lastly, as the primary target for malicious cyberattacks, automation systems must be protected through physical and perimeter security as well as through whitelisting and rigorous monitoring and reporting.

Read more in this series:


Ready to learn more? Discover What's New in OT/ICS Cybersecurity.

About the Author

Nick Cappi is Vice President, Portfolio Strategy and Enablement for OT Cybersecurity in Hexagon Asset Lifecyle Intelligence division. Nick joined PAS in 1995, which was acquired by Hexagon in 2020. In his role, Nick oversees commercial success of the business, formulates and prioritizes the strategic themes, and works with product owners to set strategic product direction. During his tenure at PAS, Nick has held a variety of positions including Vice President of Product Management and Technical Support, Director of Technical Consulting, Director of Technology, Managing Director for Asia Pacific Region, and Director of Product Management. Nick brings over 26 years of industrial control system and cybersecurity experience within the processing industries.

Profile Photo of Nick Cappi