zorandim75 - Fotolia
Oil refineries, paper companies and pharmaceutical firms are developing a new generation of secure industrial control technology that will offer better protection against attacks on critical manufacturing infrastructure from malware and state-sponsored hackers.
More than 120 companies, including ExonMobil, DuPont and Lockheed Martin, are taking part in a fast-track collaborative project that aims to develop highly secure, lower-cost ways to control industrial plants.
The work comes as new evidence emerges that state-backed hacking groups are targeting vulnerabilities in critical industrial infrastructure in the US and the UK. The UK security services warned last week that Russia is targeting western energy companies with cyber attacks, following US military strikes in Syria.
Industrial control systems – known as supervisory control and data acquisition (SCADA) systems – which are used to control valves, motors and other industrial processes, are frequently based on technology that pre-dates the internet, and can be vulnerable to attack in modern control systems which transmit and receive data over the internet.
But large oil and manufacturing companies are working on plans to replace existing control system infrastructure with lower-cost alternatives that promise greater security against cyber attacks on control devices connected to the industrial internet of things which links millions of internet-connected industrial devices.
The project, co-ordinated by the Open Process Automation Forum, part of independent standards organisation The Open Group, aims to help oil and gas and process companies break free from manufacturer-specific industrial control systems, which are expensive to maintain and upgrade and difficult to patch to protect against the latest security vulnerabilities.
“A major issue they are trying to address is cyber security. In traditional control systems that was not an issue, but now companies are constantly patching their systems to address cyber security threats,” said Steve Nunn, CEO at The Open Group, which is coordinating the work.
“If a utility system got hacked or an oil pipeline was hacked in a malicious way, it could cause a lot of damage. It is a real risk and it keeps people awake at night,” he said.
The members of the group are using existing technical standards to create an ‘open’ approach to process control architecture that will allow manufacturing companies to mix and match control technology from any supplier, eliminating the risk that they will become locked in to one company’s control system for the life of the plant.
Steve Nunn, The Open Group
The project will lead to a fundamental rethink of the way manufacturing plants are controlled, so that in the future, plant operators will be able to adjust the plant to maximise profit and quality, rather than spending their time optimising variables such as temperatures, pressures and flow rates.
Cyber security built in
“Cyber security will be a big component from day one. They will have a system that is built with awareness of cyber security threats. Right now, they are in catch-up mode, trying to patch things to stay ahead of the hackers,” said Nunn.
ExxonMobil, which reported sales of $237bn last year, kick-started the project in 2016 after seeing the US Airforce develop a similar open standards-based approach to avionics in military aircraft.
The oil and gas company faced the prospect of replacing tens of thousands of control systems used in many of its production plants over the next five years, as they reached the end of their 25- to 30-year usable life. It did not want to spend another 25 years locked into technology from a single supplier.
Don Bartusiak, chief engineer at ExxonMobil Research & Engineering, said it would be difficult for the oil and gas company to upgrade its control systems in a planned way over time.
Industrial control systems are proprietary to the manufacturer that supplied them, so it can be difficult and expensive to upgrade single components without replacing the entire control system.
Don Bartusiak, ExxonMobil Research & Engineering
“Consider you want to upgrade your home computer, and you decide to switch from Dell to HP. In our world, if we did that we would have to rewrite all the software on the PC. That is the business proposition we face,” he said in an interview with Computer Weekly.
Authenticating control signals
For Bartusiak, it is important that the next generation of control systems have built-in technology that can authenticate the origin of control signals to differentiate genuine control signals from the work of hackers or malware.
Another priority is to build mechanisms into the integrated circuits of industrial controllers that would protect control systems against zero-day attacks that exploit previously unknown security vulnerabilities.
The companies that make industrial control systems also see benefits to the project. If the work is successful, in future they will not have the burden of supporting and maintaining control technology for the 25-year life of a typical process plant.
Finding people with the skills and desire to work on 25-year-old systems is difficult, and in some cases control systems suppliers are resorting to buying spare parts for their own equipment on eBay, said Nunn.
The company, unlike Exxon, does not face the prospect of having to replace its control systems, having upgraded its plants over time. But it does want to find a way of reducing the cost of process control systems.
“We want to buy different pieces from different suppliers and to be able to pick and choose. We hope we can get savings of between 30% and 50% if we are not locked into one system,” he said.
The company uses a demilitarised zone (DMZ) to isolate its process control systems from other computer systems in the organisation. The DMZ ensures the IP address and computer port of every device is changed before it reaches an internet connection.
“That probably stops 90% of average hackers, though it won’t stop a nation state,” he said.
In addition to increasing resilience against cyber attacks, moving to open standards for industrial control systems could reduce the business risks associated with building industrial plants.
Don Clark, vice-president of global application consulting at control system manufacturer Schneider Electric, said that, like any major project, building a processing plant is fraught with risks, ranging from health and safety to delays and cost overruns.
Although process control systems typically only make up 3% to 5% of the cost of a manufacturing plant, they account for 80% of the risk, so anything that can reduce the cost and complexity of control will benefit businesses.
Exponential growth in sensors
The number of sensors and control inputs used in industrial plants is growing exponentially. In 1960, a typical plant had 2,000 control points; in the late 1990s, the figure had increased to 50,000. By 2030, a typical plant will have 550,000 control points, each with 50 data inputs.
It can cost tens of thousands of pounds to replace just one sensor in an industrial plant. If a plant operator has to replace 10,000 sensors, the cost becomes prohibitively expensive.
Don Clark, Schneider Electric
“From a need point of view, if you are going to have a vast increase in the number of sensors, the only way you can do it is have a vast reduction in the cost of sensors,” he said.
In future, he sees industrial plants operating more like the human nervous system. In the human body, the work of the heart, lungs and kidneys is not controlled by the brain, but locally. That frees up the brain to learn Shakespeare or listen to music.
“Your body is stunningly filled with sensors. We are awash with sensors. They are cheap because there are so many of them,” he said.
In the future, low-cost sensors will be embedded in pumps, valves and electric motors, and each device will report back directly to the control room, without the need for the distributed control system (DCS) that is standard today.
Simplifying process control
The Open Process Automation Forum may ultimately make process control simple enough for people who are not specialists in engineering or chemistry to be placed in charge of running critical manufacturing plants.
“Our objective – we are hoping and praying for – is that the cost and risk is dramatically reduced, so that people who are not interested in thermodynamics can be plant operators,” he said.
The end goal is to free up the people in the plant control rooms to make business-focused decisions, rather than decisions about the operating temperature or flow rate of the plant.
“Everything was driven by what the temperature is, what the pressure is, what is the Ph [acidity]. Though that is important, we want that to be shifted into the background, and the operation will become more of business operator,” he said.
That means when a plant operator makes a decision to change something, he or she will know what the economic impact is. People will be able to make rapid decisions about cost and quality,” he said.
For example, a particular adjustment might cost the company £4,000, but an operator might decide it is worth doing because it gains £8,000 in improved productivity.
“Rather than being pre-occupied by efficiency or process, we are looking at the performance of the business,” said Clark.
The project to redefine process control is moving at lightning speed, compared with the glacial progress of most industrial standard reforms.
One reason for that is because the collaborating companies are adapting existing technology standards, rather than attempting to write them from scratch.
And there is a clear business need for it – it’s not just an academic exercise, said Clark.
“In the past, you were able to do much of what you needed with a single supplier. The problem was, as time moved on, the user needed to integrate more third-party parts to solve a particular problem, and the maintenance of that became very costly,” he said.
Over the past year and a half, ExxonMobil has worked with Lockheed Martin and 10 other suppliers to build a proof of concept control system. The system is now being used successfully to control a simulated production plant.
The first full-scale deployments could be less than five years away.