Displaying items by tag: security
Libya: The Libyan Army’s spokesman Colonel Ahmed Mismari says that the Libyan Cement Company hired contractors from the Russian security company RSB Group to clear mines at its Benghazi plant, according to Russian Sputnik news agency. The clarification came in response to reports by Reuters that regional leader Khalifa Haftar had hired the contractors directly. Libyan Air Force Brigadier General Mohammed Manfour confirmed to Sputnik that Libya had no contracts with Russian private military companies. He added that the Libyan cement company had an agreement with a British insurance company that required it to clear the plant from mines, explosives and other remnants of military operations.
Last month’s prize for the most clichéd phrases in the cement news nearly went to UK technology firm Hanhaa and its ‘internet of packaging.’ At first glance the phrase seems like a hackneyed marketing play on the ‘internet of things,’ where objects outside of normal computers start to get networked, allowing for ‘added value.’ Silly wording maybe, but the intent is serious. Tracking is a vital part of logistics for industries like cement. The investors in Hanhaa, BillerudKorsnäs, may be on to something. Indeed, in 10 years time we may be kicking ourselves that we didn’t see it.
One drawback with networking everything though is that all sorts of items start to become vulnerable to computer hacking. The famous industrial example in recent years was the so-called Stuxnet virus, an alleged attempt by US and Israeli intelligence services to physically damage parts of the Iranian nuclear industry. It was intended to damage centrifuges by looking for Programmable Logic Controllers (PLC) made by Siemens in very particular circumstances. A good overview on Stuxnet can be gained by watching Alex Gibney’s documentary ‘Zero Days.’
The problem for cement plants is that they also use PLCs for process control in common with other heavy industry. Effectively, whoever built Stuxnet has shown criminals how to attack any industrial plants that uses PLCs. Unsurprisingly, given the drip-drip of bad publicity, Siemens made a point of saying that it had gained a cybersecurity certification from TÜV SÜD, a German inspection and certification organisation, for some of its related products in late 2016.
Actual examples of cement plants being attacked are hard to find. Low-level cyber intrusions are likely to be treated akin to, say, individuals trespassing on a plant grounds and more serious incidents are probably kept quiet. ThyssenKrupp’s Industrial Solutions division, that builds cement plants amongst other things, reported that it had data stolen in an online attack from somewhere in Southeast Asia in 2016. Data espionage is one thing. Physical damage to an industrial plant is quite another. Previous to this, an unnamed German steel plant was reported to have been damaged by a systematically planned attack in 2014. Another way hackers can mess up your day is via extortion attempts or so-called ransonware attacks where systems are shut down until a ransom is paid. Recent examples of this in the wider public sphere include attempts to extort the San Francisco Municipal Railway in November 2016 and the St Louis Public Library system in January 2017. Despite shutting down their systems neither organisation paid up.
From our perspective, the Global Cement website runs using a common content management system (CMS) that runs on commonly used server software. Due to this we constantly receive low-level hacking and exploit attempts from automated scripts attempting to find weaknesses in the setup. New exploits are found, hacking attempts occur, software is updated and the cycle continues. However, the key difference between the Global Cement website and a cement producer is the turnover. A cement plant operates in millions or hundreds of millions. In this way, for hackers the return on investment of hacking an industrial plant is far higher. even if it is using limited-run proprietary software and equipment. And even if critical parts of a plant’s system are security hardened, hackers may be able to find a way in via less secure areas and then work their way across. Staff smartphones accessing a local wifi network, contractors using insecure USB drives, and hackers using social engineering techniques such as confidence tricks to gain system logins by phone are just some methods that could grant intruders digital access.
A report by Ponemon placed the average annualised cost of cyber crime to the industrial sector worldwide at US$8.05m. Although the authors point out sample size issues with their calculation, industry is the fifth most affected sector in terms of losses after finance, utilities, technology and services. Networking innovations in industry such as the ‘internet of packaging’ are potential game changers as added value from the network effect and suchlike becomes factored in. The risk though is that these kind of innovations also offer opportunities to criminals and anarchists. It’s likely only a matter of time until a serious hacking attack at a cement plant becomes public knowledge.
Germany: Siemens has obtained a cybersecurity certification from TÜV SÜD, a German inspection and certification organisation, for an automation system based on IEC 62443-4-1 and IEC 62443-3-3. As part of the certification TÜV SÜD tested and verified the security functions implemented in the Simatic PCS 7 process control system, a system that controls and monitors continuous manufacturing processes, such as those in cement plants. With this certificate, the company has documented its security approach to automation products showing integrators and operators some of its industrial security measures.
Simatic PCS 7 provides functions for industrial security including segmentation into zones and security cells, the security of access points and user authentication, secure communication, patch management, system hardening, virus scanners and whitelisting. The security measures and functions for Simatic PCS 7 contribute toward safeguarding plant operation and avoiding plant downtime and outage times.
Yemen: Eastern Cement had its fuel and raw materials supply for clinker production interrupted due to escalating security and political turmoil. The supply problems have been solved and clinker production processes have returned to normal, the Saudi Arabian cement producer confirmed.
The sale of cement by Arabian Yemen Cement Company, in which Eastern Cement controls a stake of 32%, has continued without disruption as the company has sufficient reserves of clinker. Arabian Yemen Cement Company, based in Hadhramaut province, was founded in 2004. The company's cement factory with production capacity of 1.5Mt/yr is the largest Saudi investment in Yemen.