Four Common Challenges to DCS Cybersecurity

February 23, 2021

By Tim Mirth, PlantPAx Platform Leader, Rockwell Automation

Just as most people haven’t crossed paths with sophisticated criminals in their everyday lives, most industrial automation users have not had to face major cyber threats from bad actors. Many manufacturers and producers don’t know how vulnerable their systems are – and unfortunately, the ramifications of an attack go deeper than lost product.

Threats and bad actors are out there – just ask the 18,000 companies affected by the recent SolarWinds hack, or the industrial and energy-producing facilities targeted by the Stuxnet malware attack on PLCs in 2009. Manufacturers and producers are increasingly facing cyber threats, particularly ransomware, as well as data breaches. In fact, more than half of respondents to a recent survey reported a data breach in the year prior.

As plants become more interconnected and dependent on the Internet, and as digital transformation becomes less of a buzzword and more of a norm, vulnerabilities increase and risks compound. At a plant, an attack could mean lost product, unscheduled downtime, worker safety issues, losses of confidential and/or proprietary information, and sometimes negative consequences on the company’s public image.

In order to truly mitigate risk, every producer needs to be proactive about knowing what risks are out there, understanding their unique vulnerabilities, and prioritizing mitigation tactics from there. The bottom line? Don’t just assume you are safe from cyber attacks – you must be proactive to protect your system. Attackers constantly evolve and so must you.

DCS cybersecurity: Assess your risk

When it comes to a distributed control system (DCS), plant managers and engineers know cybersecurity is essential. How can you help ensure your system is secure? And how can you do that if you don’t know all the nuances of your system?

For security, people often immediately think to create strong passwords and are aware of the need to implement software updates and patches in our everyday computing environments. But cybersecurity for a process system – which contains any number of products including, but not limited to: controllers, networking, HMIs, advanced analytics, and maybe most importantly people – requires a more comprehensive plan.

That plan should take into account not just the IT/data management side of things – computing, software and hardware – but also OT, or operational technology, cybersecurity. OT systems, like a DCS, control the physical aspects of the plant and have special requirements beyond typical IT security measures.

To protect a system, you need to have an accurate inventory of all the pieces and interfaces that make up the system and understand any vulnerabilities they have. A risk assessment led by a trusted third-party partner can make a huge difference, as it’s easy to miss the things that are right in front of us. This assessment will help producers find vulnerabilities and allow the site to understand what level of risk they can tolerate. This will allow them to make the best choices for threat mitigation in their company.

Four common challenges to improving security

Securing a system can seem extremely daunting, but there are generally accepted countermeasures that will improve your security posture. The ever-increasing connectivity of automated plants provides unprecedented visibility into systems, resulting in advanced analytics and data that can help improve processes, create efficiencies and increase profitability. But that connectivity can leave systems exposed and vulnerable to threats.

Plant decision-makers exploring DCS-related cybersecurity improvements may face one or more of these common challenges:

  1. Open systems. When the Stuxnet computer worm struck and spread easily throughout control systems, it highlighted just how open those systems were. Open protocol networks are a historical hallmark of distributed control systems and are usually considered a huge benefit. But the additional avenues of risk associated with online, connected control systems may leave producers more vulnerable. The Zone and Conduit model can help mitigate the threat and keep critical assets segmented from the most vulnerable areas. It also keeps open networks from being exposed to the easy avenues of attack. Managed firewalls are an important part of protecting open systems.
  2. Legacy equipment. Every plant has equipment of varying vintages, and many manufacturers take a piecemeal approach to upgrading their system. That means a new PLC might be on the same network as a computer running Windows XP. These older machines, especially if they have not been updated in many years, are potential entry points for viruses, worms and hackers. This is where a risk assessment can expose vulnerabilities and help develop a strategy to address them. In larger plants you may not even know there is still an obsolete operating system on your network. Replacement is critical, but if it is not possible, some protection can be gained with network segmentation, building layers of defense.
  3. Evolving workforce. Employee turnover internally and at external partners and vendors is another big challenge for producers. Turnover for system integrators in particular is often extremely high. The people who have access to your plant and systems are an important piece of the overall cybersecurity puzzle. Breaches can be caused by innocent mistakes as well as by those with nefarious intentions. Do you know who manages user accounts and system access for your company? Are there any accounts that have remained active and unused for years? Adhering to international standards and managing your users as part of a cybersecurity strategy can help mitigate risk.
  4. Unknown ROI. It can be difficult enough to get management buy-in for investments when the return on investment is clear. With cybersecurity or any risk mitigation initiative, it’s less about how much money the company will make and more about what you don’t want to lose. Cyber attacks can cause losses of production and uptime, communications, information and, worst-case, safety of workers. With a proper risk assessment, vulnerabilities, risks and mitigation strategies can be evaluated, allowing producers to ask: What risk are we willing to accept? What will it cost to make the changes needed to feel comfortable in our risk posture? It may not be as expensive as you think to make changes, and the opportunity cost of not protecting your system is too great to pass up implementing even some simple measures. Determine your risk posture and protect your most vital assets.

Secure your system for the outcomes you need

Threats can come from every direction and the more layers of defense we implement, the more likely we will mitigate true risks and not become a statistic. When it comes to system security, the real goal is to improve your risk posture. Here are some important ways to get the outcomes you need:

  • Producers can level up their system security by ensuring their DCS adheres to international standards. The ANSI/ISA-62443-3-3 standard provides security guidance for industrial automation and control system requirements. This standard is considered by many industrial cybersecurity experts to be the global standard for now and the future. Because it was written by multivendor/user security experts in industrial automation, it has specifically addressed the idiosyncrasies of our industry.
  • It’s important to partner with reputable system vendors who have built their products and systems with the intention that they can be secured as needed by end users.
  • An evolving plan will be needed to properly secure your DCS. Select a plan that keeps these three favorable outcomes in mind and won’t keep you from making the progress you need to run your business: enhanced overall security, flexibility and digital transformation.

Find a trusted partner to help you navigate cybersecurity

If you’re like many producers, you may not realize the true breadth of the threat landscape. You may not know just how vulnerable you are. Fortunately, trusted providers are looking out for their producer customers – helping them to be both proactive and reactive in the face of continuing and evolving cyber threats.

