Thursday, 13 February 2025
22.7 C
Durban

Locking down levels with hack-proof measurement technology

Home Infrastructure Technology Locking down levels with hack-proof measurement technology

USERS in the process industry seldom prioritise cybersecurity because they assume it’s the IT specialists’ responsibility, or they don’t feel directly threatened. However, both attitudes are neglectful because security should always be a joint task between IT and OT. Digital networking is rapidly advancing in the process industry, and concepts such as Namur Open Architecture (NOA), Modular Type Package (MTP ), and Ethernet-Advanced Physical Layer (APL) are increasingly being used.

This creates new pathways into the previously isolated automation level, providing a convenient entry point for cyber-attacks.

The dangers of digital networking

The use of modern, integrated automation solutions is simplifying processes and making them more flexible and efficient, but due to this flexibility, process automation engineers are increasingly placing more emphasis on security. For example, according to the industry association Bitkom e. V, the German economy experiences a yearly loss of approximately €203 billion due to the theft of IT equipment and proprietary data, as well as from espionage and sabotage. This is particularly problematic because cyber adversaries can come from various backgrounds, ranging from individual ‘script kiddies’ to criminals and even nation-states. Although such attacks are still infrequent in the process industry, operators of power plants, fuel tanks, or equipment in the water industry have recently become more vigilant. It’s crucial not to underestimate the fact that any IT attacks can rapidly impact OT areas.

The development of wireless communication has brought about many benefits for users. Level sensors play a crucial role in providing essential data across various industrial sectors. This allows process data to be accessible globally, enabling Vendor Managed Inventory. Vega sensors have been supplying critical data for many years, such as level data from reservoir water levels right through to coal power station inventory stockpiles.

The emergence of Bluetooth technology has further expanded the usage of these applications. Bluetooth simplifies the adjustment and commissioning of sensors and controllers, often helping to prevent accidents. Regardless of the source of the level data, whether it’s from large silos, remote measuring points, potentially hazardous environments, or intricate processing plants, Vega sensors make the data available where it’s needed. Wireless data transmission is also utilised to retrieve status information from the sensors, such as reporting maintenance needs or requesting updates, effectively reducing downtime.

From a cybersecurity standpoint, challenges arise. Data is increasingly integrated into production and maintenance systems for further processing in offices or control rooms, creating a gap between operational and security functions.

Holistic security concept

Vega invested significantly in obtaining certification following IEC 62443-4-2 while developing the Vegapuls 6X. This international set of standards defines security requirements for both hardware and software, and the entire development process of the Vegapuls 6X was aligned with it. TÜV Nord oversaw this work and rigorously tested every measure.

The Vegapuls 6X prioritises safety by safeguarding its internal electronics against tampering. It employs a layered security approach called defence-in-depth, comprising various IT security layers such as production equipment security,
network security, and security measures for different system components. This strategy protects against threats like data manipulation, Denial of Service (DoS) attacks, and espionage.

The Vegapuls 6X incorporates extra security features that include user authentication. Each device is assigned a unique device code and a Bluetooth access code. The Bluetooth connections are encrypted using standardised cryptographic methods and can be disabled after configuration.

The instrument logs all locking and unlocking actions in its event memory, capturing all successful and unsuccessful attempts. Firmware integrity checks ensure the software update package is encrypted and signed, preventing unauthorised software from being loaded into the Vegapuls 6X. Lastly, the instrument allows data backup for recovery through the DTM, with the option to save parameters using HART-enabled control systems.

Worst-case scenario

When defending against a cyber-attack, time is of the essence. Companies should make appropriate preparations, which include developing a clearly defined emergency plan to ensure that valuable time is not wasted in case of an attack. It is also essential to plan how to rebuild a secure system in case significant damage is done. The Product Security Incident Response Team (PSIRT ) at Vega is always ready to help. These experts continuously search for vulnerabilities, assist with updates and patches, address customer inquiries, and take immediate action in critical situations, such as when a user discovers a vulnerability. Vega also collaborates closely with CERT@VDE, an IT security platform for industrial companies, to report and investigate vulnerabilities.

Vega-level sensors have been used for monitoring industrial processes for many years. The Vegapuls 6X sensor is designed to be easy to set up, regardless of the application area, technology, or sensor version. Vega also focuses on simplifying aspects related to cyber security, acknowledging that cyber security is an ongoing, dynamic process that requires continuous attention. Although Vega cannot absolve the plant operator of all responsibility, it does provide support by encouraging operators to implement security measures outlined in the guidelines. These guidelines also offer additional suggestions for enhancing the security of production systems.

Most Popular

Financial close reached on 175 GW short-term PPA

SAPPI Southern Africa and Enpower Trading have reached Financial Close on a five-year 175 GWh per year renewable energy Power Purchase Agreement (PPA). This...

Transnet taking steps to repurpose Lilly Pipeline for LNG market

TRANSNET Pipelines (TPL) has issued a Request for Proposals (RFP) inviting interested parties to enter into a Heads of Agreement (HOA) to secure pipeline...

State refinery issues invite to supplier open day

THE South African National Petroleum Company (SANPC), a subsidiary of the Central Energy Fund (CEF) has invited prospective bidders to a supplier open day...

Richards Bay LNG Terminal parties commit to deliver in 2028

RICHARDS Bay is gearing up to be the country’s industrial liquid fuel hub after Transnet National Ports Authority (TNPA) signed two strategic Terminal Operator...