As if hacking the SIS isn’t bad enough, operators of the Ukraine power grid had a surprise one day when they completely lost control of their grid. At one point, the article referenced[ii] describes an operator watching the mouse cursor move on its own and disconnect a substation while the operator tried to regain control, to no avail. We know how that ended.
But I want to get back to minimizing the risks, so that a hack becomes an inconvenient problem we can recover from.
Hazards of Operability Studies (HAZOP) and engineering studies like Layer of Protection Analysis (LOPA) and Quantitative Risk Analysis (QRA) are designed to identify initiating events and the potential outcomes associated with operating a process, and then to calculate the risk to people, the environment and assets. By looking at the cybersecurity problem from a process safety perspective, we can reduce the infinite set of potential outcomes and attack vectors, allowing us to focus on the significant scenarios and design systems so that an attacker with complete control of a process can only mess it up, not blow it up.
Returning to that hacker attack on your pump station… If the plant was designed properly, the result of the attack will be a minor business interruption while the control system is reset and the pump restarted. If the plant was not designed properly, the result could be rupture of the pump discharge piping, fire, and explosion, with attendant potential impacts to personnel in the area, environmental damage from spilled materials, massive equipment damage, and a prolonged business interruption.
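The LOPA arithmetic behind the two outcomes above can be made concrete. The following is an added illustration, not the article's own method or figures: it treats "attacker owns the control network" as the initiating event for a pump deadhead scenario and, as LOPA requires, refuses credit to any protection layer the attacker can reach from that same network. Every frequency, PFD and tolerable target is a constructed placeholder, and the layer names (BPCS interlock, networked vs. hardwired SIS, full-flow relief valve) are assumed for the example.

```python
"""Simplified LOPA (Layer of Protection Analysis) for the pump-station scenario,
with a cyber compromise of the control system as the initiating event.
Added illustration only: every frequency and PFD is a constructed placeholder,
not a figure from the article or from any standard."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ProtectionLayer:
    name: str
    pfd: float                    # probability of failure on demand (0..1)
    reachable_from_network: bool  # can an attacker who owns the control network defeat it?


@dataclass
class Scenario:
    description: str
    initiating_frequency: float   # initiating events per year (constructed)
    layers: list = field(default_factory=list)


def credited_layers(scenario, attacker_owns_network):
    """Independent protection layers (IPLs) that still earn credit.
    For a cyber-initiated event a layer is not independent of the cause if it
    can be reached from the network the attacker controls, so it gets no credit;
    only physically isolated or purely mechanical layers count."""
    return [layer for layer in scenario.layers
            if not (attacker_owns_network and layer.reachable_from_network)]


def mitigated_frequency(scenario, attacker_owns_network):
    """f_mitigated = f_initiating * product(PFD of each credited layer)."""
    freq = scenario.initiating_frequency
    for layer in credited_layers(scenario, attacker_owns_network):
        freq *= layer.pfd
    return freq


def risk_gap(scenario, tolerable_frequency, attacker_owns_network):
    """Ratio of mitigated frequency to the tolerable target; <= 1.0 meets it."""
    return mitigated_frequency(scenario, attacker_owns_network) / tolerable_frequency


# Constructed scenario: the attacker closes the discharge valve (or starts the
# pump against a closed valve) so the pump deadheads and overpressures the
# discharge piping.  Consequence: piping rupture, fire, explosion.
F_CYBER_INITIATING = 0.1     # per year, placeholder
TOLERABLE_FREQUENCY = 1e-4   # per year, placeholder target for a rupture/fire outcome

BPCS_INTERLOCK = ProtectionLayer("BPCS high-pressure interlock", pfd=0.1, reachable_from_network=True)
SIS_NETWORKED = ProtectionLayer("SIS high-pressure trip (on the control network)", pfd=0.01, reachable_from_network=True)
SIS_ISOLATED = ProtectionLayer("SIS high-pressure trip (hardwired, isolated)", pfd=0.01, reachable_from_network=False)
RELIEF_VALVE = ProtectionLayer("Relief valve sized for full pump flow", pfd=0.01, reachable_from_network=False)

POORLY_DESIGNED = Scenario("Pump deadhead: all protection depends on the control network",
                           F_CYBER_INITIATING, [BPCS_INTERLOCK, SIS_NETWORKED])
PROPERLY_DESIGNED = Scenario("Pump deadhead: isolated SIS plus mechanical relief",
                             F_CYBER_INITIATING, [BPCS_INTERLOCK, SIS_ISOLATED, RELIEF_VALVE])


def compare_designs(attacker_owns_network=True):
    """Credited IPLs, mitigated frequency and target gap for both designs."""
    return {
        s.description: {
            "credited": [layer.name for layer in credited_layers(s, attacker_owns_network)],
            "mitigated_per_year": mitigated_frequency(s, attacker_owns_network),
            "gap": risk_gap(s, TOLERABLE_FREQUENCY, attacker_owns_network),
        }
        for s in (POORLY_DESIGNED, PROPERLY_DESIGNED)
    }


if __name__ == "__main__":
    for design, r in compare_designs().items():
        verdict = "meets target" if r["gap"] <= 1.0 else f"exceeds target by {r['gap']:.0f}x"
        print(f"{design}\n  credited IPLs: {r['credited']}\n  {r['mitigated_per_year']:.1e}/yr -> {verdict}")
```

Run it as a script to see the two designs side by side. The poorly designed plant loses every layer of credit once the attacker owns the network, so the consequence frequency equals the initiating frequency; the properly designed plant keeps its hardwired trip and its relief valve, which is exactly what turns "blow it up" into "mess it up". Calling `compare_designs(attacker_owns_network=False)` shows the conventional (non-cyber) LOPA result, where the BPCS interlock also earns credit.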