Securing your mill’s control system: Q&A with ABB cybersecurity expert

^{First Published in Spring 2020 issue of Pulp & Paper Canada}

A discussion with ABB’s Apala Ray on best practices and some of the latest technologies to optimize cybersecurity at pulp and paper mills, in the context of Industry 4.0

Share this page

As is true for any type of plant, a cybersecurity breach in a pulp or paper mill can bring production to a halt, leading to serious financial losses. It can also cause harm to workers, equipment and the environment, destruction of data and much more.

According to Apala Ray, ABB’s global cybersecurity manager for industrial automation process industries, even a minor security breach has the potential to affect production for days.

In addition to direct losses from a cyberbreach, there are many potential sources of indirect loss. Some are immediate and others more long-term, and span from immediate payment of data ransom fees and the effects of uncontained ransomware spreading into more systems to risks with customer relationships.

There are also costs associated with validating that systems are back to normal, and there may be consequences related to incorrect regulatory reporting (for example, of emissions data).

In the interview below, Ray discusses today’s cybersecurity threats in the pulp and paper sector and how to address them.

Is paper mill cybersecurity different from other sectors?

Ray: There might be subtle differences. For example, quality control systems (QCS) are one of the major systems in a mill and operate like a SCADA system in supervising, monitoring and controlling the physical processes. The process can usually continue to run for short periods if the QCS is offline, but with high risk to product quality and high potential for production loss. Therefore, it is critical to maintain cybersecurity in such systems.

What are the common threats and vulnerabilities in pulp and paper mills?

Ray: Generic attacks are high in frequency and may have destructive-to-catastrophic impact, but target generic information technology environments that are not specifically tuned to industrial control systems. They usually affect the client or server layer and/or network infrastructure of a control system and are equally relevant for the paper industry as any other industry.

How do Industry 4.0 technologies help or hinder cybersecurity in mills?

Ray: Industry 4.0 technologies push for enhanced connectivity. When considering a new digital solution, make sure discussions include how to address cybersecurity concerns, and how to ensure multiple layers of defense, will be in place.

What are some new cybersecurity technologies?

Ray: New and emerging technologies will have an important role to improve the overall cybersecurity position for mills, and we will need to understand their challenges. The introduction of technology must be matched with operational measures that bring in people and processes. This typically includes defining policies and procedures for utilizing the new technology as well as educating employees accordingly.

Apala Ray, ABB's Global Cyber Security Manager, Industrial Automation Process Industries

"New and emerging technologies will have an important role to improve the overall cybersecurity position for mills, and we will need to understand their challenges. "

Best practices to protect your mill’s control system

A summary of the advice from Apala Ray:

Use people, policies and procedures.
Understand and respect the different cultures and mindsets of people in your organization. The engineering mindset, which keeps safety as a major concern, will look for a deterministic process and system. However, cybersecurity requires processes that are much more dynamic, less deterministic and continuously evolving.
ABB’s three-stage model is 1) establish a foundational level of technical and organizational security controls to defend against the majority of the generic threats, 2) continuous management and maintenance of these controls and the addition of more sophisticated controls, and 3) a strong collaborative operation of cybersecurity controls with managed security services.

Learn more

Cybersecurity

How a defense-in-depth strategy can help close the loop between connectivity, data, and control

ABB Ability™ Cyber Security Services

ABB in pulp and paper

The future of the paper industry

Select region / language

Europe
Americas
Middle East and Africa
Asia and Oceania

Global - English
Austria - German
Belgium - Dutch | French
Bulgaria - Bulgarian
Croatia - Croatian
Czech Republic - Czech
Denmark - Danish
Estonia - Estonian
Finland - Finnish
France - French
Germany - German
Greece - Greek
Hungary - Hungarian
Ireland - English
Italy - Italian
Latvia - Latvian
Lithuania - Lithuanian
Luxembourg - French
Netherlands - Dutch
Norway - Norwegian
Poland - Polish
Portugal - Portuguese
Romania - Romanian
Russia - Russian
Serbia - Serbian
Slovakia - Slovakian
Slovenia - Slovenian
Spain - Spanish
Sweden - Swedish
Switzerland - French | German | Italian
Turkiye - Turkish
United Kingdom - English

Global - English
Argentina - Spanish
Aruba - Spanish
Bolivia - Spanish
Brazil - Portuguese
Canada - English | French
Chile - Spanish
Colombia - Spanish
Costa Rica - Spanish
Dominican Republic - Spanish
Ecuador - Spanish
El Salvador - Spanish
Guatemala - Spanish
Honduras - Spanish
Mexico - Spanish
Panama - Spanish
Peru - Spanish
Puerto Rico - Spanish
United States of America - English
Uruguay - Spanish

Global - English
Algeria - English | French
Angola - English | French
Bahrain - English | French
Botswana - English | French
Cameroon - English | French
Côte d'Ivoire - English | French
Egypt - English | French
Ghana - English | French
Israel - Hebrew
Jordan - English
Kenya - English | French
Kuwait - English
Lebanon - English
Madagascar - English | French
Mali - English | French
Mauritius - English | French
Morocco - English | French
Namibia - English | French
Nigeria - English | French
Oman - English
Pakistan - English
Palestine - English
Qatar - English
Saudi Arabia - English
Senegal - English | French
South Africa - English
Tanzania - English | French
Tunisia - English | French
Uganda - English | French
United Arab Emirates - English
Zambia - English | French
Zimbabwe - English | French

Global - English
Australia - English
Bangladesh - English
China - Chinese | English
India - English
Indonesia - English
Japan - Japanese
Kazakhstan - Russian
Malaysia - English
Mongolia - Mongolian | English
New Zealand - English
Philippines - English
Singapore - English
South Korea - Korean
Sri Lanka - English
Taiwan (Chinese Taipei) - Chinese - Traditional
Thailand - English
Vietnam - English

abb.com privacy settings

Our website uses cookies which are necessary for running the website and for providing the services you request. We would also like to set the following optional cookies on your device. You can change these settings any time later by clicking "Change cookie settings" at the bottom of any page. For more information, please read our privacy notice.

Analytics

We collect statistics to understand how many visitors we have, how our visitors interact with the site and how we can improve it. The collected data does not directly identify anyone.

Preferences

We store choices you have made so that they are remembered across visits in order to provide you a more personalized experience.

Advertising and tracking

Your browsing behavior is tracked across websites by advertising and social network service providers. You may see tailored advertising and content on other websites based on your browsing profile.

Show details

Hide details

privacy notice.

Accept selected

Refuse all

Accept all