Smart valve systems are vulnerable to cyber threats, similar to most systems and technologies. Often in the valve industry, this threat is overlooked or brushed aside. However, it is important to consider ways to prevent this from occurring to a valve system.
By Angela Gwen Cowell
According to PR Newswire’s insights on the US industrial valve market, the industry is expected to see a growth rate of 3.9% by 2032. This is due to the increasing usage of industrial valves for oil & gas, chemicals, power plants, paper pulp, water and wastewater treatment – among other industrial sectors. Research also notes that the emergence of the Internet of Things (IoT) in industrial settings is one of the key factors for growth.
Case in point, a report highlights how control units are developed with IO-Link technology. This is an Industry ready program that connects sensors and actuators to process automation systems, and provides users with data to monitor the valve, and optimize its performance. Smart valves help keep the operations and maintenance of ordinary flow-control devices cheaper, as its IoT capabilities provide real-time information on the valve. If a problem occurs, smart valves can dynamically reroute a pipeline to avoid specific areas.
Unfortunately, however, these IoT connections and capabilities open up opportunities for valves to get hacked. This article outlines what one should know to avoid this occurring.
Smart Valves Get Targeted by Cyber Terrorists
In February 2021, a hacker threatened the city of Oldsmar in Florida by attacking a water treatment plant, nearly generating a mass poisoning by trying to increase the quantity of lye in the drinking water to dangerous levels. Experts involved in the investigation noted certain vulnerabilities in the breach; lack of internet firewall, outdated software, use of shared passwords, and an absence of in-house IT staff — problems which are common in America’s 151,000 public water systems. This leaves the industrial control systems that water districts use to manage valves and pipes open to attacks, so that even inexperienced hackers can gain access to key devices.
Maryville University’s feature on cyber terrorism defines these types of acts as premeditated threats by non-state actors who intend to use the cyberspace to cause widespread damage. Their goal is to induce fear or coerce government and nongovernment bodies to act according to the criminals’ objectives. With growing dependence on technology, and insufficient capabilities against data vulnerabilities, cyber terrorists take advantage of components using smart technology, as these are easier to penetrate than human-managed infrastructures.
Different Types of Threats to be Aware Of
Companies tend to think that IT can easily handle all cybersecurity matters with quick technical fixes, but this is sadly not the case. Cybersecurity for valve systems is ultimately an ecosystem challenge that encompasses everything, therefore security measures should be enforced on a wide scale. For instance, ransomware has become increasingly common as a threat and could lead to a valve systems being taken hostage if precautionary measures are not taken.
In this way, humans are both the best asset and biggest weakness. People can design, structure, and manage cybersecurity systems for a valve system, but employees can also be susceptible to social engineering schemes. There is a challenge to make sure all personnel follow relevant protocols, such as updating software regularly and protecting authentication information.
Preparing Smart Valve Systems Against Threats
Most vulnerabilities come with known solutions. First, physical breaches on property need to be prevented. High-quality alarm systems can keep unwanted intruders out, while security professionals should be on a team to handle access. It is better to be aware of the types of valves being managed, so only the correct professionals can access the information for maintenance or repairs. There should also be a plan in place for managing threats.
A team should be trained to follow a clear process for detecting hacks, along with implementing a proactive plan to protect systems from damage. For instance, parameters can be set for the apps used, or separate IT systems from operational technology systems. This will ensure that a company is less prone to an attack. When it comes to using smart technology, Ohio State University’s engineering professor Jennifer Clark had the right idea: organizations should focus on using smart technologies to address its specific needs, and manage complex smart devices well, to preserve community trust in these tools and processes.
Conclusion
Every system is now vulnerable to cyber threats and, yes, that includes valve systems. But as this article shows, there are options to prevent breaches from happening before they occur. By implementing some of the suggested steps in this article, a company would be much better suited to handle a threat if it occurs, or avoid it altogether.
ABOUT THE AUTHOR
Angela Gwen Cowell is a freelance writer, researcher, and editor. She is deeply interested in all things tech, particularly on cybersecurity and its impact on the world. When Angela is not working on her latest piece, she enjoys learning how to code online.