(41a) Analyzing Case Histories of Process Plant Disasters to Develop Chemical Process Cybersecurity

This presentation will review worst case plant disasters and map a cyberattack scenario that would have a similar outcome. The resilience of a chemical process facility to such a cyberattack will depend on the observations and responses of operations personnel. There are responses that can avoid cyberattack consequences similar to how correcting mistakes could have prevented process plant disasters. The software capabilities that have already been demonstrated in previous attacks such as Triton will be assumed. Information gathering activities that would necessarily precede such an attack will be discussed. Some aspects of the resilience of a chemical process operating facility will depend on how operations responds, so a description of how the attack might look from an operations perspective will be considered.

There is a growing chemical process OT cybersecurity threat landscape as evidenced by the Triton malware discovered at a Saudi Arabian petrochemical plant in 2017. In this incident attackers compromised chemical process OT Windows systems connected to both the basic process control system and the safety systems. The Triton incident was discovered due an inadvertent bug in the safety system malware that caused the plant to shutdown instead of disabling the safety system. It is only a question of time until another attack on a chemical process OT with the goal of bring down the safety systems and causing a disaster.