Analysis of past cybersecurity-related incidents in the process industry and the like

The process industry and similar sectors are undergoing a digital transition towards higher levels of automation. This, while ensuring advantages such as efficient process control, quick and safe response to abnormal conditions, improvement of product quality and continuous process optimization, it exposes the process sites to cybersecurity threats. A cyber-attack, besides economic and reputation damages, can potentially trigger major accidents (e.g. loss of containment of hazardous materials) with severe consequences on workers, population and the environment. In the present study, the cybersecurity-related incidents (CSIs) that occurred in the chemical, petrochemical, energy production, and water/wastewater sectors, were investigated. The analysis is based on the development of a database of 78 cybersecurity-related incidents. The aim of the study is to frame a clear picture of the cyber-attacks on IT-OT (Information Technology-Operational Technology) system of process facilities and to issue lessons learnt from past incidents.