When the alarm system is no longer reliable, who or what can we still trust?

That is, hackers have also reached the SIS/ESD of critical installations.

Those who work in process control at critical plants with dangerous processes know them well: they are the SIS (Safety Instrumented Systems), sometimes also called ESD (Emergency Shut-down Systems).

SIS safety systems are the systems responsible for operational safety: they guarantee an emergency stop within the limits considered safe whenever a plant exceeds those limits. The main objective is to avoid accidents inside and outside the plant, such as fire, explosion and damage to equipment, to protect production and property and, most importantly, to avoid harm to life or personal health and catastrophic impacts on the community. It should be clear that no system is completely immune to failure and that, even in the event of breakage or malfunction, the system should be brought to a safe condition.

This is what SIS or ESD are for: starting safety procedures, including a safety shutdown, when the plant may become dangerous for the safety of people, the environment and the plant itself.

When could the plant become dangerous? When it gets out of the control of the operators: if the plant is complex, the operators almost certainly do not manage it "by hand", but are helped by an automated control system, with on-board logic managed by computer, hardware and software.

In practice, and as required by safety standards, a complex, critical and potentially dangerous system (such as a refinery or combined cycle fuel power plant) is equipped with two independent control systems, each one usually redundant and fault tolerant.

Why two independent systems? Because in the event of problems with the main process control system, the second system, which is precisely the SIS, can take over and secure the process and the plant itself.

 

We can therefore consider the SIS/ESD the “sentinels” or “guardian angels” ready to leap into action to save lives and the environment when the primary control systems can no longer do their job correctly. And this could happen when the primary control system has malfunctioned and/or has been compromised or sabotaged.

We will have the opportunity to talk about dangers and solutions in the INDUSTRIAL CYBER SECURITY field at the ICS Forum, on January 30th in Milan: SUBSCRIBE FOR FREE

From a communication by the Italian CERT (and also by the US ICS-CERT) we learn of a confirmed incident at a power plant:

Security researchers have revealed the existence of a new specimen of malware, baptized TRITON (or Trisis) specifically designed to attack industrial control systems (ICS) in critical infrastructures, causing them to malfunction and interrupt the services provided.

The discovery occurred following the investigation of a computer incident that occurred against an unspecified company. Based on the evidence found, the researchers suspect that the operation was carried out by state-sponsored actors, although no attribution has been suggested at the moment.

TRITON malware provides an attack infrastructure built to interact with critical control and security platforms of the SIS (Safety Instrumented System) type under the Triconex brand (Tricon, Trident, Tri-GP), distributed by the Schneider Electric company.

 

 

A SIS is an autonomous system that independently monitors the status of a process. If the process exceeds the parameters that define a dangerous state, the SIS attempts to return the process to a safe state or automatically performs a safe shutdown of the process (safe shutdown).

According to analysts, the attackers managed to smuggle the TRITON malware onto an industrial SIS workstation running Windows, disguising it as the legitimate Triconex Trilog application, a tool used to check the logs and part of the TriStation suite. In order to activate the payload, TRITON requires that the key switch on the rear panel of the Triconex device is in the “PROGRAM” position (see image).
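
Because the payload depends on the key switch being in PROGRAM, time spent in that position is worth monitoring. The following is an added example, not part of the original article or of any vendor tool: it flags PROGRAM periods that fall outside approved maintenance windows. The log format, controller names and windows are constructed assumptions.

```python
from datetime import datetime

# Constructed sample: key-switch position changes as a site historian might
# export them. The format "timestamp controller position" is an assumption.
SAMPLE_EVENTS = """\
2018-01-10T08:00:00 SIS-A RUN
2018-01-10T09:00:00 SIS-A PROGRAM
2018-01-10T09:40:00 SIS-A RUN
2018-01-11T02:15:00 SIS-B PROGRAM
2018-01-11T06:30:00 SIS-B RUN
2018-01-12T14:00:00 SIS-A PROGRAM
"""

# Constructed approved maintenance windows per controller: (start, end).
WINDOWS = {"SIS-A": [("2018-01-10T08:30:00", "2018-01-10T10:00:00")]}

def parse_ts(text):
    return datetime.fromisoformat(text)

def program_intervals(log_text, end_of_log):
    """Return (controller, start, end) for every period spent in PROGRAM."""
    opened, intervals = {}, []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, ctrl, pos = line.split()
        when = parse_ts(stamp)
        if pos == "PROGRAM":
            opened.setdefault(ctrl, when)      # keep the first entry time
        elif ctrl in opened:
            intervals.append((ctrl, opened.pop(ctrl), when))
    # A controller still in PROGRAM when the log ends is reported up to that point.
    intervals.extend((c, start, end_of_log) for c, start in opened.items())
    return sorted(intervals, key=lambda item: item[1])

def unapproved(intervals, windows):
    """Keep the intervals not fully contained in an approved window."""
    alerts = []
    for ctrl, start, end in intervals:
        covered = any(parse_ts(ws) <= start and end <= parse_ts(we)
                      for ws, we in windows.get(ctrl, []))
        if not covered:
            alerts.append((ctrl, start.isoformat(), end.isoformat()))
    return alerts

if __name__ == "__main__":
    found = program_intervals(SAMPLE_EVENTS, parse_ts("2018-01-12T15:00:00"))
    for alert in unapproved(found, WINDOWS):
        print("PROGRAM outside approved window:", *alert)
```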

In practice, the SIS system which is supposed to "save" the plant and protect the safety of people and the environment can be used to "turn off the plant".

It is as if a building's fire-prevention system were deliberately tampered with in order to clear the building of all the people inside it (this too has already been seen…).
