A systematic procedure for the identification of major accident hazards induced by malicious manipulations of the control and safety instrumented systems

Iaiani M.; Tugnoli A.; Salzano E.; Cozzani V.
2020

Abstract

Cybersecurity threats to industrial automated control systems (IACSs) are a growing concern for industrial facilities, in particular those where large quantities of hazardous substances are stored or handled (i.e. Seveso sites in Europe). Cyber-attacks on the basic process control system (BPCS) and the safety instrumented system (SIS) of Seveso plants may have consequences comparable to those of conventional major accidents due to internal causes. While consolidated approaches exist to manage and control the cybersecurity of the IT and OT systems of a facility, there is an evident lack of procedures for assessing the actual link between malicious manipulations of the OT system (BPCS plus SIS) and the major accidents they can trigger. In the present study a specific methodology (PHAROS) was developed to identify the major accident scenarios achievable by remote manipulation of the plant's physical components. The methodology exploits a reverse-HazOp concept and also supports the definition of specifications for the design and management of barriers aimed at preventing and mitigating such scenarios. The application of PHAROS to a demonstrative case study showed, first, that both the BPCS and the SIS typically need to be attacked in order to induce major accidents, and second, that passive/inherent safeguards, provided they are properly designed, play a key role in determining whether the considered malicious attack succeeds.
2020
Proceedings of the 30th European Safety and Reliability Conference and the 15th Probabilistic Safety Assessment and Management Conference
pp. 179-186
Iaiani M.; Tugnoli A.; Salzano E.; Cozzani V.; Landucci G.
Files in this item:
No attachments are displayed

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11585/838297
Warning! The data displayed have not been validated by the university.

Citations
  • Scopus 0