Analysis of Cybersecurity-related Incidents in the Process Industry

Abstract The digital transition in the process industry is characterized by a high level of automation and an increasing connection with external networks, which makes facilities vulnerable to cybers-threats. A cyber-attack, beside economic and reputational damages, can potentially trigger major events (e.g. releases of hazardous materials, fires, explosions) with severe consequences on workers, population, and the environment. In the present study, the cybersecurity-related incidents that occurred in the process industry and in similar industrial sectors (chemical, petrochemical, energy production, water/wastewater treatment) were investigated. The aim of the study is to frame a clear picture of the cyber-attacks on the automated control systems of process facilities and to issue lessons learnt from past incidents. The study is based on the development and analysis of a database of 82 cybersecurity-related incidents gathered from various sources. Time trend, geographical distribution, distribution among the industrial sectors, impacts of the incidents, and nature of the cyber-attacks (attacker, intentional/accidental type, system infected) were investigated. The analysis of a sub-set of more detailed incidents allowed the identification of the general steps of a cyber-attack on automated control systems of a process facility, the main hacking techniques used by the attackers and the more common cybersecurity countermeasures applicable to the prevention of a cyber-attack.