Cyber security incidents & their HSE impact on tank terminals

Tank terminal operations are more and more dependent on systems to operate the facility in a safe manner due to the increased complexity of OT infrastructure. The infrastructure frequently consists of integrated legacy and non-legacy infrastructure including the application of new technology like Industrial Internet of Things (IIoT), which raises the risk that a cyber security incident occurs.

Hudson Cybertec, an independent security solutions provider with full focus on the OT domain, often encounters situations where organisations underestimate their cyber security resilience. Standards like the 2700X standards, developed primarily for the IT domain, are applied to the OT domain with little or no consideration for its specific environment. Reliance on existing security measures for safety instrumented systems (SIS) and the usage of outdated policies and procedures all give a false sense of security.


CYBER SECURITY RISKS

Cyber security risks for tank terminals are present in all forms. Threats can originate from inside and outside the organisation and are continuously evolving. This means that a storage operator’s OT-domain cyber security needs to evolve as well. Tank terminal operations must be prepared by being aware of the latest threats and staff need to know what to do in case of an attack. It is recommended that cyber security is well integrated in the operation of a tank terminal. Only if this is the case can you ensure that cyber risks, including disruption in operations (loading/unloading), financial gain (stock manipulation) or industrial espionage (access to confidential data), are managed appropriately.

HEALTH, SAFETY & ENVIRONMENT (HSE)

If cyber security was not considered during the design of a tank terminal, or an organisation relies on security measures that are not up-to-date, it can leave the tank terminal vulnerable to cyber-attacks. In case of a successful hack or breach, existing HSE measures may prove inadequate.

TAKING CONTROL OF CYBER SECURITY

Tank terminals should be prepared, both on an organisational and technical level, for the latest threats and they should perform cyber security checks regularly. The international Industrial Automation & Control Systems (IACS) cyber security standard IEC 62443 provides the basis to incorporate cyber security within an organisation.


Decisions on how to implement cyber security within a tank terminal can only be made if operators know where they stand with regard to the cyber security of the organisation. As a first step to take control of your cyber security, Hudson Cybertec often performs a baseline measurement in the form of a cyber security assessment, as a starting point to improve cyber security at a tank terminal. The results of the cyber security assessment show where there are weaknesses at both an organisational and technical level. Based upon the results of the assessment, a plan of action can be formulated in order to remediate any weaknesses found. A cyber security management system can be used to ensure that cyber security is applied in a controlled manner throughout the organisation.

ONGOING PROCESS

Cyber security is an ongoing process and needs to be integrated within an organisation as part of operations. This will minimise the potential of a successful attack and its potential impact. Since a cyber security incident can have an impact on primary processes and can make HSE measures inadequate, ideally it should be given the same attention as HSE. As part of the ongoing process, a regular independent review of the OT domain against the IEC 62443 standard, combined with the current threat landscape, should become part of normal tank terminal operations. This ensures that the cyber security policy and the measures taken to mitigate the risk are up to date to handle current threats.

HUDSON CYBERTEC


Monitoring your OT environment is essential. It lets you know what is happening on your network and see to what extent you are compliant with various cyber security standards, laws and regulations.

IEC 62443 Standard

The IEC 62443 standard offers your organization tools to improve the digital security and safety of your IACS environment. Implementation of the standard improves the cybersecurity level of your organization's OT / ICS / SCADA environment.

The IEC 62443 is the international cybersecurity standards framework for operational technology (OT). The framework consists of a collection of standards, technical reports and related information for securing Industrial Automation and Control Systems (IACS).


Hudson Cybertec’s IEC 62443 Competence Center has extensive experience with this standard. We play an active role in the development of the standard, actively promote it internationally and have developed a training program around the IEC 62443.


It is becoming increasingly important for organizations to be able to demonstrate that the digital security of the OT environment is in accordance with standards frameworks. It is therefore possible to certify (parts of) your IACS environment according to IEC 62443.


If you want to know more about this standard and need training on how to apply it within your own organization or at your clients, Hudson Cybertec has a number of very interesting training courses for you.

