Triton Attack Highlights Need to Separate Safety and Control

Jan. 12, 2018
In the wake of last month’s revelation of a cyber attack on a process facility’s safety system, HIMA emphasizes the need to keep safety and security systems separate from process control platforms.

Last month, reports from FireEye and Dragos revealed one of the most significant cyber attacks on industry, detailing the Triton/Trisis malware attack on a process facility in the Middle East that directly targeted a safety instrumented system (SIS).

HIMA, which specializes in safety-related automation systems for process industries, has long been an advocate for keeping safety and process control platforms separate and diverse in any process operation. In the aftermath of the professionally executed attack, which “again clearly shows that facility operators need to take the subject of cybersecurity very seriously,” HIMA reiterated its guidance on cybersecurity in safety-critical systems. It is important for facility operators to physically separate their process control systems and safety and security systems, implementing the requirements of the standards for functional safety and automation security (IEC 61511 and IEC 62443), HIMA contends.

The cyber attack represents a new dimension of cyber threats to critical infrastructure, and the incident should further expand awareness of the subject of cybersecurity in industry, said Alexander Horch, vice president of research, development and product management at HIMA, emphasizing the diligence required beyond the safety system itself. “Work processes and organizational deficiencies are by far the most common areas of vulnerability for successful cyberattacks,” he said. “System interfaces that remain open during operation and can be used to program the systems concerned, for example, give attackers a potential point of access. We urgently advise facility operators to not rely solely on cyber-safe components, but instead to establish a comprehensive security concept for their own facilities.”

In addition to keeping plants safe through automation products, HIMA supports plant engineers and operators in developing security concepts for the entire lifecycle. “For facility operators, it is important to constantly keep an eye on potential forms of manipulation,” said Heiko Schween, a security expert at HIMA. “In this regard, safety-critical applications are fundamentally different from other industrial PLC or office applications. Considerable expertise is necessary to ensure cybersecurity in safety applications.”

About the Author

Aaron Hand | Editor-in-Chief, ProFood World

Aaron Hand has three decades of experience in B-to-B publishing with a particular focus on technology. He has been with PMMI Media Group since 2013, much of that time as Executive Editor for Automation World, where he focused on continuous process industries. Prior to joining ProFood World full time in late 2020, Aaron worked as Editor at Large for PMMI Media Group, reporting for all publications on a wide variety of industry developments, including advancements in packaging for consumer products and pharmaceuticals, food and beverage processing, and industrial automation. He took over as Editor-in-Chief of ProFood World in 2021. Aaron holds a B.A. in Journalism from Indiana University and an M.S. in Journalism from the University of Illinois.
