February 28, 2022
Updated on April 20, 2023 to update IEC 62443 to ISA/IEC 62443.
In all industrial plants, smart field instruments measure critical process parameters such as pressure, temperature, flow, level, voltage and speed, delivering vital real-time data. These instruments fall under Level 0 of the Purdue structural model for industrial control systems (ICS) security, pertaining to physical processes, sensors, supervisory controls, operations and logistics.
While intelligent field instruments make maintenance management easier for end users, they also create huge security and data management challenges.
Spotty change management compromises instrument integrity
Smart instrument data almost always shows inconsistencies across different interfaces such as distributed control systems (DCS), plant asset management systems (PAMS), safety instrumented systems (SIS) and standalone communicators.
Usually, in system design, an application captures the baseline configurations of intelligent field instruments. However, instrument testing, installation, commissioning and startup can change sensor configuration, add or delete instruments, and more. Field technicians perform preventive maintenance during the instrument’s life cycle and modify device parameters, typically using a handheld communicator. In these cases, the proper change management logs often do not get captured in the PAMS, DCS, SIS or other control systems. This oversight can compromise smart field instrument integrity.
As a result, consulting only one of the information access points (DCS, PAMS, SIS, etc.) may yield the wrong information. Smart instruments that support highway addressable remote transducer (HART)/Fieldbus protocols are most vulnerable to this problem. However, the increasing use of low-cost industrial Internet of Things (IIoT)-connected instruments will only magnify the issue in industrial plants.
Because most plants run thousands of instruments, the lack of comprehensive change management becomes a large-scale problem. Additionally, the potential cybersecurity risk increases due to poor asset inventory, outdated or missing instrument firmware information and absent cybersecurity procedures for identifying and mitigating vulnerabilities.
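The reconciliation described above, as an added example that is not part of the original article: a small Python routine that compares the design-time baseline of each instrument against configuration snapshots pulled from the DCS, PAMS and SIS and against the approved change records, and reports devices or parameters that disagree between interfaces, values that drifted from the baseline without an approved change record, firmware versions that are missing, and devices that were never registered in the baseline. The tag names, parameter values, firmware strings and ticket numbers are constructed for illustration; no vendor API is used, and the snapshots are hard-coded in place of whatever export each system provides.

```python
"""Reconcile smart-instrument configuration across DCS, PAMS and SIS snapshots.

Added example (not from the article): tag names, parameter values, firmware
strings and MOC ticket numbers below are constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Any, Dict, List, Optional

# Baseline captured by the design application (constructed sample).
BASELINE: Dict[str, Dict[str, Any]] = {
    "PT-101": {"range_upper": 100.0, "damping": 0.5, "units": "bar", "firmware": "3.2.1"},
    "TT-205": {"range_upper": 250.0, "damping": 1.0, "units": "degC", "firmware": "2.0.4"},
    "FT-310": {"range_upper": 50.0, "damping": 0.8, "units": "m3/h", "firmware": "1.9.0"},
}

# Approved change records from the management-of-change system (constructed).
CHANGE_LOG = [
    {"tag": "PT-101", "param": "range_upper", "new": 120.0, "ticket": "MOC-0042"},
]

# Per-interface snapshots (constructed). Deliberate inconsistencies:
#  - PT-101 range change was approved but never propagated to the SIS
#  - TT-205 damping was altered with a handheld and only the DCS saw it
#  - FT-310 firmware is unknown to the DCS and the tag is absent from the SIS
#  - LT-412 was added at commissioning and never registered in the baseline
SNAPSHOTS: Dict[str, Dict[str, Dict[str, Any]]] = {
    "DCS": {
        "PT-101": {"range_upper": 120.0, "damping": 0.5, "units": "bar", "firmware": "3.2.1"},
        "TT-205": {"range_upper": 250.0, "damping": 2.0, "units": "degC", "firmware": "2.0.4"},
        "FT-310": {"range_upper": 50.0, "damping": 0.8, "units": "m3/h", "firmware": None},
    },
    "PAMS": {
        "PT-101": {"range_upper": 120.0, "damping": 0.5, "units": "bar", "firmware": "3.2.1"},
        "TT-205": {"range_upper": 250.0, "damping": 1.0, "units": "degC", "firmware": "2.0.4"},
        "FT-310": {"range_upper": 50.0, "damping": 0.8, "units": "m3/h", "firmware": "1.9.0"},
        "LT-412": {"range_upper": 10.0, "damping": 1.0, "units": "m", "firmware": "4.0.0"},
    },
    "SIS": {
        "PT-101": {"range_upper": 100.0, "damping": 0.5, "units": "bar", "firmware": "3.2.1"},
        "TT-205": {"range_upper": 250.0, "damping": 1.0, "units": "degC", "firmware": "2.0.4"},
    },
}


@dataclass(frozen=True)
class Finding:
    kind: str             # category of inconsistency
    tag: str              # instrument tag
    param: Optional[str]  # parameter name, or None for device-level findings
    detail: str


def reconcile(baseline, snapshots, change_log) -> List[Finding]:
    """Compare every interface against the baseline and against each other."""
    approved = {(c["tag"], c["param"], c["new"]) for c in change_log}
    systems = sorted(snapshots)
    findings: List[Finding] = []
    all_tags = set(baseline).union(*(snapshots[s] for s in systems))

    for tag in sorted(all_tags):
        present = [s for s in systems if tag in snapshots[s]]
        if tag not in baseline:
            findings.append(Finding("unregistered_device", tag, None,
                                    f"seen in {', '.join(present)} but absent from baseline"))
            continue
        for s in systems:
            if tag not in snapshots[s]:
                findings.append(Finding("missing_in_system", tag, None,
                                        f"baseline device not found in {s}"))
        for param, base_val in sorted(baseline[tag].items()):
            observed = {s: snapshots[s][tag].get(param) for s in present}
            # A missing value is reported on its own and excluded from comparison.
            for s, v in observed.items():
                if v is None:
                    kind = "missing_firmware" if param == "firmware" else "missing_value"
                    findings.append(Finding(kind, tag, param, f"{s} reports no value"))
            comparable = {s: v for s, v in observed.items() if v is not None}
            # Interfaces disagreeing with each other: at least one is stale.
            if len(set(comparable.values())) > 1:
                findings.append(Finding("interface_mismatch", tag, param,
                                        f"values differ across systems: {comparable}"))
            # Drift from the baseline with no approved change record behind it.
            for s, v in comparable.items():
                if v != base_val and (tag, param, v) not in approved:
                    findings.append(Finding("unlogged_change", tag, param,
                                            f"{s} shows {v!r}, baseline {base_val!r}, no approved MOC record"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, e.g. for a daily instrument-integrity report."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    results = reconcile(BASELINE, SNAPSHOTS, CHANGE_LOG)
    for f in results:
        print(f"{f.kind:20} {f.tag:8} {f.param or '-':12} {f.detail}")
    print(summarize(results))
```

On the constructed data the routine reports six findings: the SIS still holding the pre-change range for PT-101 (an interface mismatch but not an unlogged change, because the MOC record covers the new value), the handheld-edited damping on TT-205 (both a mismatch and an unlogged change), the DCS lacking firmware information for FT-310 and the SIS lacking the tag entirely, and LT-412 present in the PAMS with no baseline entry. Running this against real exports on a schedule turns the missing change log the article describes into a list of concrete discrepancies for the maintenance team to close.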
You need more than defense-in-depth
Today’s smart devices, such as those using Foundation Fieldbus (FF), are capable of transferring control from the DCS controller to the transmitter or control valve. For instance, both the FF transmitter and the FF valve positioner have proportional-integral-derivative (PID) function block capability, so the PID function block can be located in either device. This capability makes smart instruments critical in process plants for measuring real-time process data and delivering diagnostic information through alarms and events.
Increased smart instrument functionality goes hand in hand with an increase in attack surface. A Level 0 device risk assessment would reveal that reliance on defense-in-depth security alone proves insufficient. To address this challenge, you have two options:
- Implement compensating countermeasures, e.g., insert an industrial firewall if the system architecture and related protocols allow. A system integrator may implement such a countermeasure, and additional devices may be required. Proper change management procedures throughout the smart instrument’s life cycle will also prove critical.
- Incorporate both defense-in-depth and defense-in-breadth functions in the product change or component design at the concept stage. This approach will make the component resilient against attacks. A smart instrument usually has the processing power to handle these security functions. Instrument integrity can be preserved simply by choosing components with a better security design concept.
The ISA/IEC 62443 standard offers a systematic, practical approach that organizations can use to secure industrial automation and control systems (IACS). It helps ensure that cybersecurity is embedded in the system and provides guidelines for personnel safety. ISA/IEC 62443-3-3 and ISA/IEC 62443-4-2 specifically identify system security requirements for asset inventory of all IACS components, including smart instruments. The standard also requires that change management duties in the work process be segregated, eliminating the main problem for smart instruments. ISA/IEC 62443-4-1 provides the product security development life cycle requirements for IACS components, and ISA/IEC 62443-4-2 provides the technical security requirements for IACS components.
Securing smart field instruments in your industrial plant will prove vital. As stated in ISA/IEC 62443-3-1, an attack on a control system could take the form of one or more field instruments being spoofed, inducing an equipment shutdown.
Every industrial plant should have standard operating procedures in place to help ensure Level 0 device security and smart instrument integrity.