Introduction
A majority of organizational processes depend on information flow. Water supply, electricity supply and haulage are some of these processes. Organizations must have industrial control systems to monitor and manage these processes. An organization “can never be fully in control of its business environment” (Denis, 2005, p. 311). Further, the current state of technological growth exposes organizations to multiple external threats that are not only hard to detect but also beyond the control of the organizational leaders. Consequently, organizations encounter business continuity risks at one point or another. Businesses should have control systems that can detect and respond to continuity threats. A majority of corporate leaders believe that the size of a corporation makes an institution immune to disasters. Thus, they overlook the need for an industrial control system. Other leaders use insurance to cover potential catastrophes. They do not recognize that insurance can never cover a tarnished brand, a ruined reputation, and a lost market, which are critical to the success of an organization.
Experience shows that it is the “less dramatic but more frequent business continuity incidents that can be even more problematic to deal with” (Denis, 2005, p. 314). In most cases, corporations and individuals forget business continuity incidents with time. They only remember the events when another threat emerges. In such a situation, some people tend to use the lessons learned from previous incidents while others resort to a blame game. The primary factor that makes it hard for organizations to respond to business continuity challenges is the lack of control systems. Unfortunately, most organizational leaders believe that their institutions cannot face a continuity crisis or disaster. Others believe that they are capable of overcoming all sorts of catastrophes and do not need to install an industrial control system (ICS). They only realize the importance of a disaster response mechanism when it is too late.
Background
In the past, “process control operators used distinct, dedicated networks to ensure the isolation of monitoring and control functions from externally connected networks” (Kuipers & Fabro, 2006, p. 17). Institutional managers emphasized the physical detachment of the networks. Thus, there were limited concerns about the safety of data in network design. The managers believed that the data was secure since it was inaccessible. Institutions used physical security such as fences, stable doors, and guards to protect essential system environments.
Nevertheless, the rise of the internet altered this mode of safety. Presently, a majority of organizations use control systems that run on public networks. Internet connectivity enables organizations to monitor and manage processes remotely and liaise with all stakeholders. The growth in the scale and size of organizational operations has resulted in the use of off-the-shelf software for management purposes. Most corporate applications such as accounting, resource planning and correspondence share network resources and use unprotected systems (Kuipers & Fabro, 2006). Consequently, the applications are prone to external threats that might hamper the continuity of business. Kuipers and Fabro (2006) maintain that it is imperative to have an industrial control system that guarantees the continuity of an enterprise in the event of a disaster or crisis.
Statement of the Problem
Research shows that the proliferation and continuous use of the internet expose organizations to numerous risks. For instance, cases of cyber attacks are on the rise worldwide. In 2008, criminals hacked into an electric grid system, making it hard to distribute electric power to numerous areas outside the United States. In 2007, a criminal hacked into a water diversion system, thwarting the effort by the authority to redirect water from the Sacramento River. These are just some of the incidents which prove that, despite the numerous benefits of using the internet, it subjects institutions to various threats. Failure to have a disaster recovery mechanism may hamper the continuity of the business. Thus, the problem addressed in this study is how to have a clear strategy to ensure the availability of the industrial control system in the case of any disaster.
Purpose of the Study
The primary objective of this study is to guarantee the safety of staff and enhance the defense of the TAKREER industrial network. The study aims at establishing a strategy for ensuring the availability and restoration of the industrial control system in the case of a crisis or disaster. From a marketing perspective, the study aims at protecting the image and reputation of TAKREER by minimizing the effects of business continuity events like disasters or catastrophes on the control system in Ruwais Refinery.
Rationale
Organizations are aware of the dangers that cyber attacks and natural calamities pose to the continuity and growth of the business. Nevertheless, many organizations do not have disaster recovery mechanisms because their leaders believe that they are capable of surmounting any threat. By focusing on disaster preparedness strategies, this paper will help organizational leaders to appreciate the need for having a readily available industrial control system.
Project Issues
The primary issues of this study include:
- Identifying how organizations can prepare to respond to a looming disaster
- Determining the various ways that organizational leaders can identify and respond to potential crises before they arise
- Determining how institutional managers may maintain the continuity of business in case of a crisis
- Identifying potential threats, evaluating their effects and establishing the appropriate business continuity measure to adopt
Nature of the Study
The objectives of the study will be accomplished by identifying and analyzing numerous strategies that might help to sustain business continuity in the event of a crisis. Besides, the researcher will conduct exploratory research to determine the available literature that explains how organizations can ensure the availability of an industrial control system in the case of a catastrophe.
Significance of the Study
The primary importance of this study is to provide organizational leaders with skills in how to establish and maintain an efficient industrial control system. The study will identify numerous approaches that institutions can use to ensure the availability of an industrial control system. Besides, the study will endow institutional managers with skills in how to identify potential dangers that might affect an organization and come up with appropriate measures. Apart from the professional significance, the study will act as an eye opener to learners. The learners will have a chance to understand the implications of using unprotected networks as well as the threats of Internet connectivity to organizations and personal safety.
Definition of terms
- Firewall: a “system designed to prevent unauthorized access to or from a private network” (Byres & Lowe, 2006, p. 45).
- Malware: the short form for malicious software. The term malware is used to represent worms, spyware, and viruses. These are applications designed to damage personal computers.
- Cybersecurity: refers to “technologies and processes designed to protect networks, computers, programs, and data from attack or unauthorized access” (Byres & Lowe, 2006, p. 51).
Assumptions and Limitations
The researcher began this study with the notion that they had no experience in the management of industrial control systems. The perception enabled the researcher to do a comprehensive study. Besides, the researcher assumed that all the responses obtained from the participants were correct. One of the limitations of the study is that the findings were judgmental. The researcher was biased in compiling the results. For instance, the investigator assumed that the participants shook their heads to confirm agreement with a statement. The sample group used for the study was not selected based on probability bias. Hence, the findings might not have captured the absolute reality on the ground.
Literature Review
As industrial control systems become multifaceted and linked to “business and external networks, the number of security issues and the associated risks grow” (Herbane, Elliott, & Swartz, 2004, p. 439). The numerous criminals that target varied facets of the control systems may result in attacks that are implemented at different intervals of time and focus on multiple vulnerabilities. An organization cannot rely on a single countermeasure to mitigate all potential attacks. Businesses should have numerous countermeasures that can distribute threats over a collection of security mitigation mechanisms to ensure the availability and safety of an industrial control system.
One of the greatest mistakes that corporate leaders commit is assuming that their industrial control systems are not linked to the internet. Thus, most security systems target business processes and overlook other critical process systems (Herbane et al., 2004). Indeed, many organizations have patchy security systems that leave them vulnerable to attacks. The institutions overlook multiple forms of connection like the internet, dial-up modems and enterprise networks that are prone to hacking. One good example where a patchy security system had dire consequences was the “Slammer” worm attack (Herbane et al., 2004). The worm targeted essential infrastructures like air traffic control, emergency services and automated teller machines (ATMs). The attack was difficult to detect as it was very swift. An analysis of the attack showed that it was perpetrated via a corporate network, which was hard to suspect.
One way that organizations can ensure the availability of an industrial control system in the case of a disaster is by using many layers of defense to fight different security issues. Such a strategy is known as defense-in-depth. A good example of a vulnerability that can be handled using the defense-in-depth technique is a buffer overflow. The defense-in-depth strategy entails installing the necessary security procedures in the system and in its operation and host functionalities (Bakolas & Saleh, 2008). Besides, it involves ensuring that all security activities are synchronized to offer holistic protection to an entire organization.
The basic doctrines of the defense-in-depth strategy include understanding the safety needs of an organization and enumerating the potential dangers. For an industrial control system to work effectively, an organization should have an understanding of the existing risks. Individuals understand the risks for an industrial control system by identifying the dangers and susceptibilities that face a corporation. Thus, to guarantee the availability of a productive industrial control system, leaders should conduct a meticulous risk assessment. Risk assessments are an essential foundation for delineating, appreciating and developing counteractive efforts against definite disasters and vulnerabilities (Stouffer, Falco, & Scarfone, 2011).
Organizations should bring together a cross-functional team to accomplish the goals of safeguarding an industrial control system. The team should comprise staff from different departments. It should include “at least one executive level manager, security and operations managers, and complete participation from control system engineers and managers” (Merchant, 2005, p. 98). Moreover, the team members should be trained in the primary elements of industrial control systems and have knowledge of the prevailing security problems and threats that the institution needs to handle with respect to its infrastructure. Most workers believe that purchasing an off-the-shelf safety system may guarantee the security and availability of an industrial control system (Bakolas & Saleh, 2008). Nevertheless, this might not happen as the majority of the systems suffer from technical limitations. It underlines the reason an institution like Kaspersky Lab uses a protected operating system that focuses on all security issues.
Another strategy for guaranteeing the availability of an industrial control system in the case of a disaster is the use of firewalls. Firewalls are effective in protecting organizational networks from unauthorized users and preventing damage to a control system (Merchant, 2005). Many organizations use firewalls to protect their external connection points. One way that TAKREER can guarantee the safety of its industrial control system is by installing two sets of firewalls from different vendors. The firewalls should abide by the established security regulations but run in a joint area of the network. Such an approach would help to mitigate chances of firmware security holes. Running two firewalls on a shared network infrastructure paves the way for an organization to repair a faulty firewall, therefore preventing an attack that intends to take advantage of that fault.
The only disadvantage of using two firewalls is that they can result in an increase in operational and managerial cost. However, the enhanced protection outweighs the effort of running two firewalls. Well-configured firewalls can go a long way towards ensuring the availability of industrial control systems (Bakolas & Saleh, 2008). Institutions should limit communications to what is essential for a system to operate. Besides, they should evaluate the communication paths that originate or end at certain zones to ensure that they are secure. By default, no communication should be permitted until rules allowing it are set. The rules should consider both inbound and outbound traffic. A majority of system administrators forget to filter what originates from a network, therefore exposing the system to potential attack. Thus, the administrators should ensure that outbound traffic is devoid of all unnecessary communication.
Conventionally, the “role of firewalls in defending networks is straightforward” (Byres & Lowe, 2006, p. 32). For instance, a criminal who intends to hack into an industrial control system needs to acquire data from, and send commands and files to, the system’s network. For a hacker to manipulate any exploit code working on an industrial control system, they have to launch a return connection from the control network. To guarantee the safety and reliability of an industrial control system, organizational leaders should ensure that the exploit code does not enable the hacker to access advanced functionalities of the system. The code should only grant the hacker access to the target computer. In other words, the exploit code should be structured in a way that the hacker has to supply additional information before they can attack the system. If the outbound traffic is filtered effectively, it would be hard for the attacker to launch a return connection, and the attacker would therefore be unable to detect and manipulate the exploit code (Stouffer et al., 2011).
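The firewall principles above (nothing permitted by default, both inbound and outbound traffic filtered, only essential flows allowed) can be checked mechanically. The Python sketch below is an added example, not part of the original study or of any TAKREER configuration; the zone addresses, the one-line rule format, the historian host, the permissive fall-through and both sample policies are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption, not taken from the study).
ZONES = {"control": ip_network("10.10.0.0/24"),
         "corporate": ip_network("10.20.0.0/16")}
HISTORIAN = "10.20.5.10/32"                    # hypothetical data historian
ESSENTIAL_OUTBOUND = {(HISTORIAN, "tcp/443")}  # only flow allowed to leave control


@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    src: str     # zone name, CIDR, or "any"
    dst: str
    port: str    # e.g. "tcp/443", or "any"


DENY_ALL = Rule("deny", "any", "any", "any")

# Constructed weak policy: broad inbound access, outbound never filtered.
WEAK_POLICY = """
allow corporate control any
allow control   any     any
"""

# Constructed hardened policy: two essential flows, then deny everything.
HARDENED_POLICY = """
allow 10.20.5.10/32 control       tcp/502   # historian polls controllers
allow control       10.20.5.10/32 tcp/443   # controllers report to historian
deny  any           any           any
"""


def parse_policy(text):
    """Parse 'action src dst port' lines; '#' starts a comment."""
    rules = []
    for line in text.strip().splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rules.append(Rule(*line.split()))
    return rules


def _net(spec):
    if spec == "any":
        return ip_network("0.0.0.0/0")
    return ZONES[spec] if spec in ZONES else ip_network(spec)


def decide(rules, src_ip, dst_ip, port):
    """First matching rule wins. Unmatched traffic is allowed, which models
    a device with a permissive default (assumption of this example)."""
    for r in rules:
        if (ip_address(src_ip) in _net(r.src)
                and ip_address(dst_ip) in _net(r.dst)
                and r.port in ("any", port)):
            return r.action
    return "allow"


def audit(rules):
    """Return findings for the three principles stated in the text."""
    findings = []
    if not rules or rules[-1] != DENY_ALL:
        findings.append("no terminal deny-all rule: unmatched traffic passes")
    for i, r in enumerate(rules, 1):
        if r.action != "allow":
            continue
        if "any" in (r.src, r.dst, r.port):
            findings.append(f"rule {i}: wildcard allow "
                            f"({r.src} -> {r.dst} {r.port})")
        if r.src == "control" and (r.dst, r.port) not in ESSENTIAL_OUTBOUND:
            findings.append(f"rule {i}: outbound flow from control zone "
                            "is not on the essential list")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        rules = parse_policy(text)
        print(name, "policy findings:", audit(rules) or "none")
        # A controller opening a connection to an outside host
        # (203.0.113.7 is a documentation address).
        print("  controller -> outside host:",
              decide(rules, "10.10.0.15", "203.0.113.7", "tcp/8443"))
```

Under the weak policy a controller can open a connection to any outside host, while the hardened policy denies it and still passes the one essential reporting flow.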
The security of any system depends on three critical attributes. They are integrity, confidentiality, and availability. In the information technology (IT) domain, hackers target proprietary data. Therefore, the security of the IT domain is pegged on confidentiality. On the other hand, in the industrial control system, hackers work hard to destabilize assets. A majority of industrial control system incidents arise inadvertently as a result of a lack of efficient security policies or information integrity. Thus, it is imperative to emphasize availability and integrity. There is a need for a change of corporate culture. Organizations need to handle security like they deal with safety and performance. Besides, the senior management has to initiate a campaign aimed at ensuring cybersecurity (Byres & Lowe, 2006). Cybersecurity is essential to a secure and reliable industrial control system. At times, industrial control systems fail due to inefficient design, inappropriate testing, and inadequate cybersecurity procedures.
In 2006, workers at “Tennessee Valley Authority’s Browns Ferry Unit 3, manually scrammed the nuclear power plant due to loss of the primary reactor recirculation pumps” (Byres & Lowe, 2006, p. 36). Later, it was said that the incident happened as a result of the failure of the variable frequency drive controllers. The controllers failed due to “disproportionate traffic on the plant’s integrated computer systems network; an event known as a ‘broadcast storm’” (Merchant, 2005, p. 112). The incident at the Browns Ferry Unit 3 confirmed the importance of appropriate testing and efficient cybersecurity procedures to the success of an industrial control system. For an organization to ensure the availability of an industrial control system in the case of a disaster, it should have efficient forensic capabilities. The problem of the broadcast storm does not affect only nuclear facilities. Numerous non-nuclear facilities have suffered from the problem, which has affected their productivity and continuity.
Mostly, hackers focus on an attack path that digs deeper into the architecture of a control system. Starting from the “external environment, an attacker moves past perimeter devices and ultimately strive for access to both the network and hosts on the network” (Bai & Kobayashi, 2003, p. 711). An attacker may use field gadgets to attack the vulnerable regions of industrial control system architecture. After they gain access to the target network, the attackers may then attempt to gather intelligence through scouting and try to compromise additional apparatus of the system.
An attempt to hack into a control system would trigger suspicious and unlawful activities that are possible to monitor and mitigate. Organizational leaders can use intrusion detection systems to ensure the availability and effectiveness of an industrial control system. Intrusion detection systems comprise numerous procedures and tools that help to monitor the activities that take place in a network (Bai & Kobayashi, 2003). Implementing many processes and tools amounts to establishing a defense mechanism that not only safeguards the industrial control system but also detects and acts on possible attacks.
Structure and Method of Investigation
Description of Investigation
The researcher achieved the objectives of the study by conducting an exploratory study. The concept of the management of industrial control systems is fairly new. Therefore, the researcher had to gather adequate information about the concept before compiling the report. One of the reasons for conducting an exploratory study is that the researcher got an opportunity to enhance knowledge of the research topic. The study enabled the investigator to understand how organizations manage industrial control systems and the challenges that they encounter.
Moreover, the exploratory study gave the investigator a chance to evaluate different recommendations and settle on the most feasible. Stouffer et al. (2011) maintain, “Exploratory research assists researchers to find potential causes of the signs or symptoms conveyed by decision makers” (p. 71). Therefore, through exploratory studies, the researcher came up with a list of potential threats to an industrial control system. The list paved the way for further study to determine which threats are most prevalent and have severe repercussions. The exploratory study uses numerous methods of data collection. Therefore, the researcher was at liberty to choose the methods that suited the study.
Design of the Study
The investigator used many methods of data collection to compile the report. The methods included focus groups and observation. Apart from focus groups and observation, the investigator also sought information from secondary sources. The researcher used peer-reviewed journals and books that discuss crisis management. The reason for sourcing secondary data from journals was to help the researcher identify the areas to focus on when administering interviews. The data collected from the secondary sources offered a basis for comparing the primary data.
The researcher administered interviews to a small group of employees from Abu Dhabi Oil Refining Company. The group comprised 15 workers from different departments. For one to join the group, they had to have worked with the company for at least one year. The participants were required to respond to questions regarding the company’s industrial control system. They were to outline the risks that the company’s industrial control system faces and their effects. Also, the participants were asked to explain how they protect the company’s industrial control system from external attacks.
Besides, individuals working in the company’s information technology department were invited to describe how they ensure that the industrial control system remains uninterrupted in case of disasters. The researcher wanted to know if the company evaluates the control system on a regular basis to enhance its effectiveness. The participants from the information technology department were asked to explain not only what they are doing to fortify the company’s industrial control system but also their plans. By using focus groups, the researcher not only saved time but also gathered a lot of information. It was easy to get clarification from the participants and to avoid extreme views.
The researcher worked at Abu Dhabi Oil Refining Company for two weeks. The primary objective of working at the company was to observe the challenges that the company’s industrial control system goes through and how they are handled. The researcher spent the two weeks in the company’s information technology (IT) department. The department handles management of the industrial control system. Hence, the researcher had time to observe the security protocols that the company has laid down to protect its system. Furthermore, the researcher monitored the company’s IT experts to find out how they respond to external threats and ensure that the industrial control system remains functional in case of a disaster.
Results of the Investigation
The industrial control system that Abu Dhabi Oil Refining Company uses was developed long before the advent of the internet and the launch of public and private networks. The industrial system relies on customized software, hardware, and communication guidelines. The participants agreed that the company’s control system did not have protected communication capabilities. Despite the absence of protected communication capabilities, the system was connected to the external network. The researcher discovered that the company’s industrial system was subject to numerous vulnerabilities. The IT experts said that they were in the process of formulating procedures and policies to mitigate risks. The company did not have security policies or safety implementation guidelines. Thus, it was hard for the IT department to control or monitor the activities within the system. The IT experts claimed that they had regulations that governed the use of passwords and directed how modems are connected to the system.
The company’s industrial control system suffered from platform vulnerabilities. The researcher identified numerous flaws in the system. Besides, the ICS applications, hardware, and operating systems were poorly maintained. The participants said that they used antivirus software and performed operating system patching to secure the network. Besides, they used default configurations. The IT experts lamented that they had limited backup for critical settings. Therefore, it was hard for the personnel to restore the industrial control system in the case of a disaster. The company did not have adequate access control mechanisms. As a result, a majority of the ICS users had a lot of privileges. It became hard for the IT experts to detect the origin of an attack. Even though the IT personnel claimed that they secured the control center, it was poorly done. The investigator found that the company had a limited number of employees to secure critical systems.
Abu Dhabi Oil Refining Company’s industrial control system suffered from immense network vulnerabilities. The researcher found that the company used weak administration techniques. Besides, the system was poorly connected to other networks. The participants claimed that they modified the network infrastructure to meet emerging operation requirements. Nevertheless, they never considered possible weaknesses that might arise as a result of altering the network. Even though the company used firewalls to protect its industrial control system, a majority of them were inappropriately configured.
Therefore, it was easy to transmit unnecessary data through the system. After analyzing the system in collaboration with the IT experts, the researcher discovered that the system was infected with multiple pieces of malware. Staff in the IT department said that they had confidence in the ability of the industrial control system to overcome external attacks. Consequently, they rarely monitored the system to identify unauthorized access or failures. It underlines the reason why some of the participants stated that the system became slow or failed to work at times.
Analysis
Even though the industrial control system of Abu Dhabi Oil Refining Company has never suffered from external attacks, it would be hard for the company to maintain or promptly restore the system in the case of an attack. The absence of adequate security policies leaves the system vulnerable to external attacks as well as internal exploitation. The lack of strong antivirus software leads to the system being slow. The weak antivirus used to protect the system cannot withstand modern viruses that are designed to circumvent security measures. The lack of adequate backup makes it hard for the company to ensure that the industrial control system remains operational at all times. Besides, it is hard for the business to recover lost data in case of an attack.
Poor connection exposes a system to external attacks. Abu Dhabi Oil Refining Company’s network is susceptible to external attacks as the system is poorly secured. Moreover, regular modification of the system makes the network weak. The information technology department has the duty to analyze a system after every alteration to ensure that it is secure. Poorly configured firewalls allow redundant information to transit between systems. Therefore, the system becomes inefficient due to high traffic. Failure to monitor the industrial control system leads to incidents going undetected, therefore disrupting the normal operations of the system.
Recommendations
Abu Dhabi Oil Refining Company should formulate stringent implementation policies to guide the use of the industrial control system. Moreover, the company should come up with corporate security policies to regulate system maintenance. The company must perform application and operating system patching on a regular basis to mitigate platform vulnerabilities. Also, the company should purchase modern antivirus software that is capable of detecting all forms of viruses. To alleviate network vulnerabilities, Abu Dhabi Oil Refining Company should invest in security controls like defense-in-depth system design. Besides, it is imperative to encrypt network communications to avoid possible interruptions. Restricting and redistributing network traffic flows will go a long way towards enhancing the efficiency of the industrial control system.
References
Bai, Y., & Kobayashi, H. (2003). Intrusion detection systems: Technology and development. Advanced Information Networking and Applications, 3(2), 710-715.
Bakolas, E., & Saleh, J. (2008). Augmenting defense-in-depth with the concepts of observability and diagnosability from control theory and discrete event systems. Reliability Engineering & System Safety, 96(1), 184-193.
Byres, E., & Lowe, J. (2006). The myths and facts behind cyber security risk for industrial control systems. Burnaby: British Columbia Institute of Technology.
Denis, S. (2005). Business (not) as usual: Crisis management, service recovery and the vulnerability of organizations. Journal of Services Marketing, 19(5), 309-320.
Herbane, B., Elliott, D., & Swartz, E. (2004). Business continuity management: Time for a strategic role. Long Range Planning, 37(5), 435-457.
Kuipers, D., & Fabro, M. (2006). Control systems cyber security: Defense in depth strategies. Idaho: Idaho National Laboratory.
Merchant, K. (2005). Modern management control systems: Text and cases. Upper Saddle River: Prentice Hall.
Stouffer, K., Falco, J., & Scarfone, K. (2011). Guide to industrial control systems (ICS) security. New York: National Institute of Standards and Technology.