Cyber security musings: a watched kettle can sometimes boil unexpectedly

26 April 2018

The humble domestic kettle might seem an unlikely centrepiece for an EEMUA seminar session, but cyber security is a very different type of industrial topic. The kettle in question was wi-fi enabled and controllable from a smartphone. Quirky, you might think, but also a very easy route into a wireless network. And so it proved in a demonstration from some specialists in penetration testing during EEMUA’s Industrial Cyber Security Seminar.

Other talks, though not so jaw-dropping, highlighted many other aspects where industry as a whole, not just users, needs to improve. Threats also aren’t limited to high-tech software attacks. There were several examples of the weaknesses of existing card entry systems that can make redundant even the toughest of physical security barriers.

The UK Health and Safety Executive is certainly focussing more on cyber security. The regulator plans formal inspections on the topic at various COMAH/Seveso III sites from May 2018. The results from its trial inspections, which were shared with delegates, were concerning to say the least. Clearly, industry in the broadest sense needs to give more attention to this area.

Hindsight is a wonderful thing of course, but concerns can be reduced by considering cyber security early on in a new project or major modification. It’s clearly worth revisiting design concepts, such as Layers of Protection Analysis (LOPA), which don’t reflect the threat that all the protection layers could fail at the same time under cyber attack. Standard risk assessments also don’t tend to consider multiple failings or malicious intent as credible.

That said – it isn’t all doom and gloom! Importantly, many steps to reduce the risk of cyber attack are relatively simple to take. EEMUA has produced a number of cyber security checklists and an assessment process, all of which are downloadable for free from the EEMUA e-shop.

As well as running regular events and webinars, EEMUA has a thriving Cyber Security Forum where members can meet and discuss their experiences and approaches in a confidential environment. An EEMUA e-learning course on cyber security for industrial sites is nearing release and other projects are planned. If you are an owner/operator and would like to join EEMUA’s efforts in this area, please contact Technical Executive Edward Kessler in the first instance.

For my part, making the tea just won’t seem the same again!