Cyber-physical energy system integrated security & safety

Abstract

Energy systems, defined here as chemical energy systems based on combustion or electrochemical processes, are essential for producing the materials for all our needs in daily life. Malicious physical attacks by terrorist groups or others on those systems have been known for quite a while. Since the start of the Industry 4.0 era, automation of operational technology (OT) by a cyber-physical information technology system (CPS - IT) has increased. Due to the openness of the Internet, adversary cyberattacks on the CPS can have a damaging impact on the OT with process safety consequences, which may lead to process upset and possibly disaster. To counter, measures must be introduced. These are focused on warding off attacks by installing measures to prevent damaging events and protect the OT. So far, the common protective safety measures of a process installation tend to have been treated traditionally first, while cyber-physical measures come in addition. Experts may even be distinguished in many cases into three specialist groups: existing process safety experts, physical attack experts, and cyberattack experts. The purpose of this paper is to investigate the types/characteristics of the various measures and which measures can have a multi-functional effect. Requirements for an integrated safety and security system are formulated, and characteristics of the possible threats and threat-specific measures are inventoried and described. As the integration of countermeasures to threats of a different nature is no simple matter, investment and maintenance costs, hence economic requirements, will play an important role, and planning should be based on risk assessment. No risk assessment will cover all that may happen; hence, the paper is finished by considering the ins and outs of measures to boost system resilience against unexpected and unknown threats.