Holistic Approach for a secure last line of defense
In late 2017 a safety controller deployed in a Middle East process facility was successfully hacked. The safety instrumented system (SIS) was compromised and initiated a plant shutdown. While no damage or injuries occurred, the incident should serve as a wake-up call to heighten awareness of cybersecurity in the industry as it was the first publicly-known successful attack on a safety instrumented system – which is the last line of defense in any process plant. Furthermore, critical hardware vulnerabilities affecting most modern processors have recently been identified. Attack modes such as Meltdown and Spectre exploited these in order to steal data from computers all around the world.
“In both of the above-mentioned cases, HIMA safety controllers were not affected. But we take these incidents very seriously and work hard to always be one step ahead,” Dr. Alexander Horch, Vice President Research, Development & Product Management at HIMA comments: “It is important to note that there is no such thing as 100% guaranteed safety or security. But by choosing the HIMA holistic functional safety approach which protects the core SIS as well as its environment, plant operators get the maximum level of safety and security possible.”
The purpose of modern functional safety solutions is to reduce safety and security risks to a minimum. Therefore, a holistic approach is needed which not only includes the core SIS (final control elements, logic solver incl. I/O module and sensors), but also its environment like the engineering station, asset management tools (AMS) and handhelds as well as field entry panels and HMIs. By complementing the SIS with the “HIMA Security Environment for Functional Safety,” this approach takes all important security-relevant aspects of industrial control systems (ICS) into account. These include the five following areas: Controller hardware and firmware, engineering toolkit, PC infrastructure, communication infrastructure and lifecycle management.
In terms of firmware, a dedicated operating system specifically developed for safety-critical applications runs on HIMA safety controllers. The HIMA firmware, which is 100% HIMA software, provides an extremely low software error rate and has no backdoors implemented. It is impossible to access the program code during operation as application programs run within a container and no other parts of the CPU firmware can be accessed. On the hardware side, unused Ethernet ports can be disabled and/or locked physically. Thanks to the total separation of SIS and basic process control functions and systems (BPCS) according to the requirements of the standards for functional safety (IEC 61511) and automation security (IEC 62443), no common cause failures can occur.
When it comes to the engineering, HIMA works with its own, single-purpose engineering tool SILworX, again 100% HIMA software. This solution offers various security features such as two-factor authentication for project and controller data, a well-defined user management including security admin role as well as functional blocks with password protection (locking/read-only), just to name a few. By monitoring the application program via system variables, SILworX is even able to detect changes and to issue an alarm in case unauthorized changes are made.
Also, the communication infrastructure has to be secured. The HIMA security environment relies on the proprietary protocol for controller communication SafeEthernet, and the communication stack is Achilles certified by Wurldtech. Separated protection layers between CPU and COM modules lead to an absence of feedback. Networks are clearly separated via firewalls and demilitarized zones, and the controller is tap-proofed to prevent ARP spoofing.
For an effective cyber-defense, the PC infrastructure should be set up with a secure BIOS management, reduced access rights and with only the required Windows services activated. Office laptops should not be used as engineering stations. The engineering station should be kept completely separate. The PCs should feature an intelligent password management system and work with a minimal set of application programs only.
Last but not least, the lifecycle management has to take security into account, too. HIMA safety systems have received various security certifications such as Achilles, ISASecure, EDSA and TUV. The ISO 27001 certification for HIMA’s information security management systems (ISMS) is ongoing. HIMA also carries out penetration tests together with customers, service providers and universities. Development takes place in a dedicated network, and access to source codes is strictly restricted and supervised. In standardization organizations like IEC and OpenGroup, HIMA experts are proactively driving safety and security standardization forward.
“Security is an integral part of HIMA services and engineering. In addition to cyber-secure hardware and software, we provide security awareness training, basic security checks of HIMA safety systems, product security training and security lifecycle services,” explains Dr. Horch.
The HIMA Group is the world's leading independent provider of smart safety solutions for industrial applications. With more than 35,000 installed TÜV-certified safety systems worldwide, HIMA qualifies as the technology leader in this sector. Its expert engineers develop customized solutions that help increase safety, cyber security and profitability of plants and factories in the digital age.
For over 45 years, HIMA has been a trusted partner to the world's largest oil, gas, chemical, and energy-producing companies. These rely on HIMA solutions, services and consultancy for uninterrupted plant operation and protection of assets, people and the environment. HIMA’s offering includes smart safety solutions that help increase safety and uptime by turning data into business-relevant information. HIMA also provides comprehensive solutions for the efficient control and monitoring of turbomachinery (TMC), burners and boilers (BMC) and pipelines (PMC). In the global rail industry, HIMA’s CENELEC-certified SIL4 COTS safety controllers are leading the way to increased safety, security and profitability.
Founded in 1908, the family-owned company operates from over 50 locations worldwide with its headquarters in Bruehl, Germany. With a workforce of approximately 800 employees, HIMA generated a turnover of approximately €126 million in 2016. For more information, please visit: www.hima.com
HIMA has operated in the Americas since the early 1980s. Its headquarters for the Americas is located in Houston, Texas. Discover more at www.hima-americas.com
Press contact HIMA Americas
HIMA Americas Inc.
Sr. Marketing and Public Relations Manager
5353 W Sam Houston Parkway N., Suite 130
Houston, Texas 77041, USA
Phone +1 713 482 2069 I Cell +1 713 876 9828