Showing posts with label process automation. Show all posts
Showing posts with label process automation. Show all posts

Sunday, June 30, 2019

US Power Grids, Oil and Gas Industries, and Risk of Hacking

A report released in June, from the security firm Dragos, describes a worrisome development by a hacker group named, “Xenotime” and at least two dangerous oil and gas intrusions and ongoing reconnaissance on United States power grids.

Multiple ICS (Industrial Control Sectors) sectors now face the XENOTIME threat; this means individual verticals – such as oil and gas, manufacturing, or electric – cannot ignore threats to other ICS entities because they are not specifically targeted.


The Dragos researchers have termed this threat proliferation as the world’s most dangerous cyberthreat since an event in 2017 where Xenotime had caused a serious operational outage at a crucial site in the Middle East. 

The fact that concerns cybersecurity experts the most is that this hacking attack was a malware that chose to target the facility safety processes (SIS – safety instrumentation system).

For example, when temperatures in a reactor increase to an unsafe level, an SIS will automatically start a cooling process or immediately close a valve to prevent a safety accident. The SIS safety stems are both hardware and software that combine to protect facilities from life threatening accidents.

At this point, no one is sure who is behind Xenotime. Russia has been connected to one of the critical infrastructure attacks in the Ukraine.  That attack was viewed to be the first hacker related power grid outage.

This is a “Cause for Concern” post that was published by Dragos on June 14, 2019

“While none of the electric utility targeting events has resulted in a known, successful intrusion into victim organizations to date, the persistent attempts, and expansion in scope is cause for definite concern. XENOTIME has successfully compromised several oil and gas environments which demonstrates its ability to do so in other verticals. Specifically, XENOTIME remains one of only four threats (along with ELECTRUM, Sandworm, and the entities responsible for Stuxnet) to execute a deliberate disruptive or destructive attack.

XENOTIME is the only known entity to specifically target safety instrumented systems (SIS) for disruptive or destructive purposes. Electric utility environments are significantly different from oil and gas operations in several aspects, but electric operations still have safety and protection equipment that could be targeted with similar tradecraft. XENOTIME expressing consistent, direct interest in electric utility operations is a cause for deep concern given this adversary’s willingness to compromise process safety – and thus integrity – to fulfill its mission.

XENOTIME’s expansion to another industry vertical is emblematic of an increasingly hostile industrial threat landscape. Most observed XENOTIME activity focuses on initial information gathering and access operations necessary for follow-on ICS intrusion operations. As seen in long-running state-sponsored intrusions into US, UK, and other electric infrastructure, entities are increasingly interested in the fundamentals of ICS operations and displaying all the hallmarks associated with information and access acquisition necessary to conduct future attacks. While Dragos sees no evidence at this time indicating that XENOTIME (or any other activity group, such as ELECTRUM or ALLANITE) is capable of executing a prolonged disruptive or destructive event on electric utility operations, observed activity strongly signals adversary interest in meeting the prerequisites for doing so.”

Tuesday, April 17, 2018

Flow-Tech, Inc. Serving Maryland, Washington D.C. and Virginia

Flow-Tech is a manufacturer’s representative and stocking distributor of process instrumentation and calibration equipment in Maryland, D.C and Virginia specializing in the Industrial Process, Control, and Test / Measurement markets.

https://flowtechonline.com
410-666-3200 MD
804-752-3450 VA

Wednesday, December 28, 2016

DCS Extension or Upgrade Can Boost Process Performance

automated factory
Process automation and control
Industrial control systems, regardless of their type or brand, command first line attention in the operation of a process. After all, with the purpose of a centralized control system being the integration and coordination of all process functions, the control system runs just about everything. Over time, all systems begin to lose some of their value. Causes can include:

  • New technology, regulation, or another factor renders all or part of existing system obsolete.
  • Deterioration of operating components from use.
  • Procedural requirements that are overly burdensome in the current business environment.
  • Outright failure of portions of the system due to unforeseen events.
  • Abandonment of, or major changes to, all or part of the process.
There are certainly more events and circumstances that can lead to consideration of a control system overhaul or replacement. Numerous paths can be charted to resolving a control system challenge of large magnitude, each with a set of costs, technical hurdles, logistics, and time constraints that must be considered. Successful project completion will likely require the services of outside vendors and contractors with expertise in areas of concern.

ABB is a global leader in distributed control system design, hardware, and software. Their expertise can be brought to bear on:
  • New projects or installations
  • Support for existing ABB installations
  • Migration from other vendors
  • Industry specific requirements
  • Extending useful life of heritage systems
Having global and local expertise on board will help your DCS project proceed expeditiously from concept and planning through implementation. Reach out to a DCS expert with your concerns and challenges, then combine your process knowledge with their product application expertise to build an effective solution.