Importance of data integrity for safety in industrial environments
It is well known that the most important factor within the process industry is the availability of the systems and environment. The plant must be running at all times. That’s why most security improvement efforts are made in that area. However, the integrity of the information and data within the industrial control systems environment can’t be neglected. Not only because we need correct data to let the process run correctly, but also because data integrity failures can lead to safety issues. More precisely to human and environmental safety.
That’s why it is absolutely crucial that the information you are sending to and receiving from your industrial environment (Human-Machine Interfaces (HMI), Programmable Logic Controllers (PLC), Remote Terminal Units (RTU), application servers, etc.) is 100% correct. That way you can make the correct decisions to control your environment or to know how to respond to events.
Imagine that information is not 100% correct. Do you think that this isn’t a (big) problem? Then read the following potential scenario’s that abuse information integrity:
What if somebody is able to change the values that are sent from the various components (PLC’s, RTU’s, etc.) to the application servers or HMI? That would mean operators get false information and might take actions that cause severe damage to the industrial installation (for example opening some valves that should remain closed while operating or starting some pumps that should remain off during a normal situation). What if a person is at that time standing next to the installation that is going haywire? What if this happens within a chemical plant or nuclear power plant?
Image that somebody tampers with the images that are displayed onto your HMI’s? They might show you that things are going wrong within the installation while in fact your plant runs smoothly. Acting on this wrong information could make your plant not run that smoothly anymore … So in this case the integrity of the images stored on the engineering system is important.
What if somebody is able to sabotage a fire detection system so that alarms are no longer passed onto the physical alarms and/or DCS environment to indicate there is a problem? You can argue that this is not that bad, until an actual fire breaks out and no detection, warning and/or evacuation signal is given. This could lead to an impact of people safety if people are around and/or within the building on fire.
These examples clearly show that the integrity of the information within an industrial control system can’t be neglected in any way. Integrity issues can cause downtime, environmental safety issues and human safety issues and should be treated as an important item on your security checklist, next to (or just below) availability.
If I got you curious, make sure to read Blackout – Marc Elsberg, a fiction story in which the integrity of a process environment is impacted, and they way that affects the environment and social life.