Survivability and Recovery of Process Control Systems

Overview (pdf)

Materials from a PCS Workshop

A Critical Challenge

Process Control Systems (PCS) are crucial to the safe, reliable and efficient operation of critical infrastructures throughout the United States and other parts of the world. These computerized systems, which typically rely on a dispersed network of electronic sensors and other smart devices, drive complex industrial processes (including petrochemical refineries and electric grids) with remarkable reliability and efficiency.

But their reliability comes at a cost: many older PCS function with few, if any, security mechanisms. PCS are thus vulnerable to the numerous cyber threats—both malicious and inadvertent—that afflict our digital world. To complicate matters, PCS increasingly rely on off-the-shelf components and well-known protocols to facilitate communication within their corporate network and also with the Internet. Such systems, while inexpensive and time-tested, are unfortunately familiar—and therefore accessible—to attackers, who can change settings, leading to industrial failure or worse.

Not surprisingly, the survivability and recovery of PCS has emerged as an area of paramount concern to national security. PCS need to be made more secure, equipped with the ability to detect and deflect intruders, and at the same time able to nimbly recover in the event of a system malfunction.

Project Overview

With support from the Institute for Information Infrastructure Protection (I3P), researchers from eight leading academic institutions, federally-funded labs and non-profit organizations across the U.S. are engaged in an intense effort to increase PCS resiliency and strengthen the nation’s critical infrastructures.

The Survivability and Recovery of Process Control Systems project represents the first concerted effort to make PCS broadly resistant to cyber disruption. Researchers are developing processes and technologies to harden security and allow PCS to operate despite internal and external attacks and operator error.

Integrated into the industrial life cycle, these tools will not only preserve efficiency but will enable PCS to quickly recover should a disruption occur. In addition, Survivability and Recovery researchers are developing a suite of tools and technologies with long-term versatility that can rapidly adapt to a shifting cyber landscape, work with both legacy systems and next-generation PCS, and function within a range of industrial environments.

Moreover, because the project evolved from an earlier I3P initiative on vulnerabilities in control systems security, it benefits from an existing cadre of tools, methodologies, expertise, and relationships. Collectively, the two projects embody a wealth of critical findings relevant to the security and economic well-being of the U.S. “Infrastructure operators, who understand the seriousness of a system malfunction, frequently cite the survivability and recovery of process control systems as an area of paramount concern,” says Eric Goetz, I3P Associate Director for Research.

Working with Industry

Researchers are reaching out to industry partners from the planning to the implementation stages to make certain their proposed solutions meet real-world security needs. To impart knowledge and facilitate technology transfer, researchers also regularly host workshops and interactive tool demonstrations for stakeholders.

An advisory board of industry experts is working with the team, including:

  • Steve Elwart, Director of Systems Engineering, Ergon Refining Inc.
  • Eric Cosman, Engineering Solutions Architect, The Dow Chemical Company
  • Morgan Henrie, Consultant, Alyeska Pipeline Service Company
  • Gary Sevounts, Senior Director, Industry Solutions, Symantec Corporation
  • Bob Huba, Senior Product Manager, Emerson Process Management
  • David Poczynek, Director of IT Security, Williams

Overall, Survivability and Recovery researchers are joining forces with industry partners to devise solutions that meet PCS security needs, work with the industrial life cycle and are functionally attractive to operators of critical infrastructures.

Making an Impact

The goals of the Survivability and Recovery of Process Control Systems project are to:

  • Ensure survivability of both legacy and modern platforms by developing a security-hardened system built from readily accessible standardized testing procedures and components
  • Devise a concept of operations plan (CONOPS), including procedures and best practices, to ensure system-level survivability and recovery in case of attack
  • Provide operators with a tool for identifying mission-critical network nodes, enabling them to prioritize their PCS security efforts
  • Develop tools to track and monitor the activities of MODBUS networks without disrupting normal operations
  • Develop software that specifies, implements and enforces policies to keep intruders out
  • Partner with industry to ensure stakeholder needs are met and that developed technologies will be readily adopted
  • Track other PCS research projects in the U.S. and share the information gathered with government and industry stakeholders


Information about the project can be found at:
http://www.thei3p.org/

or by contacting
Robert Cunningham, Team Leader at rkc@ll.mit.ed

 

 

Last Updated: 5/1/13