Protecting Against Bad Chemistry (with Cybersecurity)

Do you recall one of the first really fun chemistry experiment you performed as a child?  If your school followed the usual curriculum, then you probably made a model volcano and then added some baking soda to the opening, followed by the addition of vinegar.  A variation of this experiment was to add the ingredients to a plastic bottle, then stretch a balloon over the mouth of the bottle to watch the balloon inflate with carbon dioxide gas.

These early experiments showed us that science, and specifically, chemistry, can be interesting, and exciting.  On a small scale, many household chemical combinations can create dangerous reactions, as indicated on the warning labels.  On a larger scale, the chemical industry occupies one of the 16 sectors of critical infrastructure.  Every aspect of chemical production, use, transportation, and storage are covered as part of the chemical sector.

Chemical plants are susceptible to many physical hazards.  For example, some recent accidents indicate just how rapidly a minor problem can escalate to fatal proportions.  In early days of chemical production, some novel – and by today’s standards – comical devices, such as the single-legged chair for nitroglycerine operators, were invented to prevent chemical accidents.  Fortunately, mechanisms to protect chemical production have come a long way. 

Regulation and Protection

Today’s chemical plants are highly regulated.  Whether it is the production of inert or caustic chemicals, or intentionally explosive compounds such as gunpowder, numerous agencies oversee various aspects of chemical manufacturing.  There are even regulations governing the safe maritime, ground, air, and rail transportation of chemicals.

The protection of chemical plants and products also stretches into the cyber realm.  Chemical production, as well as the consumer products created from those chemicals, is a very exact science, and any tampering along the manufacturing chain can result in tainted, or harmful results.  Many product recalls are the results of unwanted compounds inadvertently added to consumer products.  From a systems security perspective, one has to wonder if these accidents are the result of oversight, or carelessness?  Either way, it would seem that some safety mechanisms were missed along the way.

With all of the automation that is used in the production of chemicals, the security of the systems controlling that automation is vital.  Beyond the automation controls, basic system configuration monitoring must be diligently observed.  The ability to detect an unwanted change in a chemical mixing system can be the early warning necessary to avert a disaster.

A great way to do this is by using a tool like Tripwire Enterprise to monitor the configuration of the automation controls in your organization. It is easy to setup a configuration policy to match the known good configuration of that automation system and monitor if there are any deviations to that policy. If the system ends up being changed, an administrator or operator can quickly assess the impact to the system and revert the change. Thus, minimizing damage and impact to the plant and everyone’s safety.  This can keep chemistry fun and exciting, and also safe.

The post ” Protecting Against Bad Chemistry (with Cybersecurity)” appeared first on TripWire

Source:TripWire – Irfahn Khimji