Eric Byres discusses cyber security risks for pipeline control systems
Pipeline & Gas Journal / February 2009
Eric Byres, CTO of Tofino Security, has published an article about cyber security and pipeline control systems in the February edition of Pipeline and Gas Journal (www.pgjonline.com). In the article, Eric describes several actual cyber security incidents that have had significant impacts on pipeline companies. These incidents include:
Computer sabotage to the Petroleos de Venezuela, S.A. that interrupted tanker loading
- A Trojan horse attack on the Trans-Siberian gas pipeline that disrupted gas supplies and foreign currency earnings for the Soviet Union for over a year
In the article Eric goes on to describe several causes of cyber security problems, such as:
- Misunderstanding of SCADA security risk by management. For example, managers may assume that the Information Technology (IT) group automatically looks after SCADA security, whereas this is rarely the case.
- The assumption that all cyber security problems arise from outside the company, or that SCADA systems can be protected by a single perimeter firewall, whereas many incidents are caused by secondary pathways into the control network.
- Improper SCADA network design that allows application data a “free ride” on the control network, with negative effects on control network security.
Finally, the article goes onto describe how the ISA-99.02.01 standard helps companies get SCADA security under control. Effective security is achieved by multiple levels of defence, such as the Zone Level Security™ provided by the Tofino Industrial Security Solution.