During planned plant shutdowns, cybersecurity is often overlooked. In today’s threat landscape, however, it is essential to incorporate cybersecurity into the shutdown process. Plant shutdown activities are hectic and require engagement from all stakeholders to make sure all objectives are met and the plant is reactivated safely. The key point is that the ultimate objective, besides safety, shall also include security.
Use Plant Shutdown Periods to Strengthen Cybersecurity Posture
Planned plant shutdowns offer a great opportunity to incorporate critical cybersecurity measures that cannot be acted upon during typical plant operations. Some key elements that can be addressed during shutdown include:
Installation of Critical Security Patches to OT Systems
Planned shutdowns allow the installation of critical security patches that cannot be applied during normal plant operations due to the risk of operational disruptions.
Upgrading Legacy or Outdated Systems and OS
It is not advisable to upgrade legacy systems or outdated OS machines during normal plant operations. During a plant shutdown, such activities can be planned without the fear of interrupting plant operations.
Upgrading Plant Network Design and Network Device Rules
When networks are down during planned shutdowns, critical changes to the network design or to network device rules can be planned and made without impacting plant operations.
Key Cybersecurity Concerns During Plant Shutdowns
During plant shutdowns, several key cybersecurity concerns must be monitored:
Increase in Phishing Attacks
Due to the increased involvement of external contractors and third parties, the organization is exposed to targeted phishing attacks. Attackers use a false sense of urgency around supply chain and procurement requests to manipulate legitimate users into downloading malicious files or clicking on phishing links, in order to harvest credentials and ultimately infect systems with malware.
The organization shall carefully design cybersecurity awareness and training before and during shutdown for company personnel, contractors and third parties during their onboarding.
Delayed Response to Cybersecurity Incidents
Plant shutdown activities can delay or hinder the ability to respond to cybersecurity incidents in a timely manner. This is due to the complexity of shutdown activities and the engagement of key incident response team stakeholders in these activities, who will be busy achieving goals and objectives on very tight timelines.
Data Loss
Plant shutdown activities involve system modifications — the improper handling of which can result in data loss, corruption or even data theft due to increased involvement of new contractors and third parties that will have system and data access.
Shutdown activities involving system modifications and configuration updates, e.g., to PLCs, shall be designed carefully to mitigate the risk of data loss or corruption. Non-disclosure agreements (NDAs) shall be signed with contractors and third parties, and the activities they perform that involve handling data shall be monitored to avoid unauthorized access or even theft.