Ian Elsby, Siemens Digital Industries, Head of Chemical Industry
The UK’s chemical industry has made rapid strides in using digitalization for enhancing the productivity of its physical assets, as part of efforts to keep pace with the Industry 4.0 revolution. Many plants have succeeded in linking physical infrastructures to digital networks and there are ongoing efforts to intensify this inter-connectivity. These technological advances, such as Industrial Internet of Things (IIoT) have in the process brought in some serious challenges. As these systems are vulnerable to attacks and hackings, every industry is challenged to put in place multiple measures for ensuring cybersecurity.
The current situation at several chemical plants and their process machines or their processes is that they are not necessarily inter-connected. They are facing what is referred to as a ‘business silo’, a situation where each department works independently, without sharing information with others.
This is where digitalisation comes in. We start bridging those business silos and link them to the outside world, enabling remote access and visualisation for users in all parts of the world at different sites.
As the plants get digitally connected to the internet and the outside world, they are exposed to cyber-attacks or hackings. This highlights the need to ensure cyber security, a whole new and critical area. Cyber security is an inclusive process that complies with globally accepted security standards. Effective protection against cyber-attacks cannot be achieved through one-time implementation of measures; it is rather an ongoing process. The risks may vary depending on individual plant’s systems that are not connected to each other and are having two or three different machines or processes running simultaneously. This would involve plant-by-plant and machine-by-machine discussions pertaining to the inter-linking of the assets.
What needs to be borne in mind in a chemical plant is that there is a chemical or biological transformation and/or separation of materials, which may be hazardous. This underlines the need for utmost caution in preventing cyber-attacks, as part of smooth functioning of a chemical plant.
In the UK there are many plants that are fully digitalised, but there are many others that have yet to adopt digitalisation. Each of these plants have different levels of complexity in terms of processes, the number of products they manufacture, the number of recipes they have, and the number of mixing vessels used. Perhaps, these are some factors that hinder the adoption of new technologies. However, one of the main factors that prevent the
industry from fully accepting digitalisation is concerns of cybersecurity. It does not have to be the case.
At the Siemens’ Digital Talks conference held in Liverpool earlier this year, there was a healthy debate exploring the challenges and opportunity that digitalisation brings to the sector. These conversations with industry peers only helped underline the sector’s need for adopting robust cybersecurity systems. Digitalisation and IoT have been identified by the UK’s Chemistry Council as two of the key strategy levers to accelerate innovation-led growth in the chemical industry.
Cyber threats fall into the bracket of risks and vulnerabilities. They come in various forms, such as viruses, malware, ransomware and hackings. Hackers are employed by rogue companies to infect with either a worm or ransom ware. They identify the weaknesses in any system and if you have a legacy plant with older Windows operating systems that are not patched or updated, the hackers find routes to break into the network. What chemical companies are doing today is something called airgap, which effectively means they remove the ability of a process to remain fixed to the internet, which solves part of the problem. It just means that there is no physical connection between the asset and the internet.
But this is not enough. There is much more that needs to be done by plant owners. What is highly recommended is an advanced in-depth approach by conducting a cybersecurity gap analysis survey. This involves a thorough infrastructure assessment of the different technology layers. Based on the outcome of the report, a list of vulnerabilities is then identified. It is a step in the direction to nullify the risks by installing latest technologies, firewalls and managed cybersecurity services.
Global industry standards, such as the IEC 62443, then come into play. This should be implemented both at hardware and software levels, or else the adoption of digitalisation could be left open to cyber threats. Additionally, complying with the UK’s ISO standard 27001 is equally important.
The industry takes cyber security very seriously and in line with this, Siemens initiated the Charter of Trust at the 2018 Munich Security Conference. This was created with eight other partners and called for greater cybersecurity, as it stands now it has grown to 16 members with the first Asian company, Mitsubishi Heavy Industries (MHI) signed up in February 2019. Signatories include AES, Airbus, Allianz, Atos, Cisco, Daimler, Dell Technologies, Deutsche Telekom, IBM, NXP, SGS, Total and TÜV Süd.
In addition, the charter has attracted the German Federal Office for Information Security, the CCN National Cryptologic Center of Spain and the Graz University of Technology in Austria as associate members.
But beyond this, it is important that a stringent and strategic assessment of the chemical plant adopting digitalisation will help identify the plant owner’s individual problems. It will pinpoint the plant’s requirements, including installation of multiple levels of security, firewalls, managed security and latest technology. This process is called defence-in-depth approach to cybersecurity, rather than a single solution.
While we discuss cybersecurity, we cannot ignore cloud based IoT control systems. These are now becoming an industry norm and will continue to be the driving force and an integral part of digitalisation.
The advanced cloud-based solutions are excellent tools for analytical investigation and monitoring. So, within the cloud, the condition of industrial motors, drives or other assets can be monitored remotely. The algorithms can give the customer insights into how those assets are performing or where they may fail, leading to preventive maintenance, which helps in identifying a breakdown before it happens.
Prevention, as everyone knows, is the best form of defence. In cybersecurity, installing the best technology to monitor and asses any external inference is the most critical step. Another newly developed solution that allows seamless digitalisation is the setting up of a digital twin. It allows the team to work both online and offline on a plant.
Cybersecurity forms the key element of digitalisation. It is a comprehensive process that affects all parts of the plant and requires continuous auditing and monitoring. The plant owner is always responsible for IT security. Even if the operation is outsourced in whole or in part, the plant owner is the one who finally remains accountable. Therefore, ensuring cyber security by adopting advanced technology is in the best interests of all stakeholders.