As is true for any type of plant, a cybersecurity breach in a pulp or paper mill can bring production to a halt, leading to serious financial losses. It can also cause harm to workers, equipment and the environment, destruction of data and much more.
According to Apala Ray, ABB’s global cybersecurity manager for industrial automation process industries, even a minor security breach has the potential to affect production for days.
In addition to direct losses from a cyberbreach, there are many potential sources of indirect loss. Some are immediate and others more long-term, and span from immediate payment of data ransom fees and the effects of uncontained ransomware spreading into more systems to risks with customer relationships.
There are also costs associated with validating that systems are back to normal, and there may be consequences related to incorrect regulatory reporting (for example, of emissions data).
In the interview below, Ray discusses today’s cybersecurity threats in the pulp and paper sector and how to address them.
Ray: There might be subtle differences. For example, quality control systems (QCS) are one of the major systems in a mill and operate like a SCADA system in supervising, monitoring and controlling the physical processes. The process can usually continue to run for short periods if the QCS is offline, but with high risk to product quality and high potential for production loss. Therefore, it is critical to maintain cybersecurity in such systems.
Ray: Generic attacks are high in frequency and may have destructive-to-catastrophic impact, but target generic information technology environments that are not specifically tuned to industrial control systems. They usually affect the client or server layer and/or network infrastructure of a control system and are equally relevant for the paper industry as any other industry.
Ray: Industry 4.0 technologies push for enhanced connectivity. When considering a new digital solution, make sure discussions include how to address cybersecurity concerns, and how to ensure multiple layers of defense, will be in place.
Ray: New and emerging technologies will have an important role to improve the overall cybersecurity position for mills, and we will need to understand their challenges. The introduction of technology must be matched with operational measures that bring in people and processes. This typically includes defining policies and procedures for utilizing the new technology as well as educating employees accordingly.