Nigel Stanley, TÜV Rheinland: Exploring differences in IT and OT to get cybersecurity right in industrial systems

Towards the end of 2017, researchers from cybersecurity firm Dragos detected a foiled malware attack which, even though it wasn’t successful, had serious repercussions for anyone working in industrial environments. The malware, known predominantly as Triton but also going under the monikers of Trisis or HatMan, targeted petrochemical plants in the Middle East. What marked it out from other attacks was that it focused on safety instrumented systems (SIS). SIS are the last line of automated defence for industrial facilities. If these aren’t working, the risk of catastrophic incidents, such as fires and explosions, increase dramatically. What transpired was that the attack inadvertently triggered the emergency shutdown of the facility’s safety system, the Schneider Electric-manufactured Triconex. In August last year, Andrew Kling, director of cybersecurity and architecture at Schneider Electric, wrote about how “the presence of malicious attacks at this level is our new reality” and that “immediate, collective action” is required to build a resilient cybersecurity strategy across the enterprise.